Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zycf-ufab-8yfb
SummaryThe Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*
Aliases
0
alias CVE-2019-11753
Fixed_packages
0
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
1
url pkg:deb/debian/firefox@0?distro=sid
purl pkg:deb/debian/firefox@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@0%3Fdistro=sid
2
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
4
url pkg:deb/debian/firefox-esr@0?distro=trixie
purl pkg:deb/debian/firefox-esr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@0%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fqb-r5zb-a7dp
1
vulnerability VCID-3kv6-c148-nkhq
2
vulnerability VCID-59d3-343b-e3aw
3
vulnerability VCID-5dw5-vpt8-zqbz
4
vulnerability VCID-61r1-arbe-dke4
5
vulnerability VCID-7jt2-zr49-7ye5
6
vulnerability VCID-95et-ezmb-buau
7
vulnerability VCID-9ag7-z86d-nba9
8
vulnerability VCID-9nbw-7c9e-13af
9
vulnerability VCID-av7u-3g4m-mugm
10
vulnerability VCID-bwth-uepr-z7a3
11
vulnerability VCID-cjsm-7gxr-8ygw
12
vulnerability VCID-d16s-p141-qbft
13
vulnerability VCID-fxjm-ywug-f3d5
14
vulnerability VCID-hk2m-rbdy-nqhc
15
vulnerability VCID-ma29-qa7e-9qb4
16
vulnerability VCID-nge1-4cvg-zqb2
17
vulnerability VCID-nyum-jpbc-abew
18
vulnerability VCID-p6yz-xs58-u3gm
19
vulnerability VCID-pfmd-zv8f-8bfc
20
vulnerability VCID-q689-wneh-hbdq
21
vulnerability VCID-q8qp-5szp-mfe8
22
vulnerability VCID-qbzp-euvv-q7c7
23
vulnerability VCID-ruqn-mk9t-57hb
24
vulnerability VCID-tv7r-qf2c-dqbm
25
vulnerability VCID-w98r-yagc-kkec
26
vulnerability VCID-z6tm-b352-5uhk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
6
url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f81v-9fv8-93cd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie
7
url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f81v-9fv8-93cd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie
8
url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-f81v-9fv8-93cd
3
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie
9
url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fqb-r5zb-a7dp
1
vulnerability VCID-3kv6-c148-nkhq
2
vulnerability VCID-59d3-343b-e3aw
3
vulnerability VCID-61r1-arbe-dke4
4
vulnerability VCID-7jt2-zr49-7ye5
5
vulnerability VCID-95et-ezmb-buau
6
vulnerability VCID-9nbw-7c9e-13af
7
vulnerability VCID-av7u-3g4m-mugm
8
vulnerability VCID-bwth-uepr-z7a3
9
vulnerability VCID-cjsm-7gxr-8ygw
10
vulnerability VCID-d16s-p141-qbft
11
vulnerability VCID-f81v-9fv8-93cd
12
vulnerability VCID-fxjm-ywug-f3d5
13
vulnerability VCID-hk2m-rbdy-nqhc
14
vulnerability VCID-ma29-qa7e-9qb4
15
vulnerability VCID-nge1-4cvg-zqb2
16
vulnerability VCID-nyum-jpbc-abew
17
vulnerability VCID-p6yz-xs58-u3gm
18
vulnerability VCID-pfmd-zv8f-8bfc
19
vulnerability VCID-q689-wneh-hbdq
20
vulnerability VCID-q8qp-5szp-mfe8
21
vulnerability VCID-ruqn-mk9t-57hb
22
vulnerability VCID-tv7r-qf2c-dqbm
23
vulnerability VCID-w98r-yagc-kkec
24
vulnerability VCID-z6tm-b352-5uhk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie
10
url pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f81v-9fv8-93cd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1%3Fdistro=trixie
Affected_packages
References
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11753.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11753.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11753
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19349
published_at 2026-04-21T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19469
published_at 2026-04-09T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19473
published_at 2026-04-11T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19425
published_at 2026-04-12T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19368
published_at 2026-04-13T12:55:00Z
5
value 0.00062
scoring_system epss
scoring_elements 0.19329
published_at 2026-04-16T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19336
published_at 2026-04-18T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19439
published_at 2026-04-01T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-02T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19618
published_at 2026-04-04T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.19339
published_at 2026-04-07T12:55:00Z
11
value 0.00062
scoring_system epss
scoring_elements 0.19417
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11753
4
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1574980
reference_id
reference_type
scores
url https://bugzilla.mozilla.org/show_bug.cgi?id=1574980
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://www.mozilla.org/security/advisories/mfsa2019-25/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2019-25/
7
reference_url https://www.mozilla.org/security/advisories/mfsa2019-26/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2019-26/
8
reference_url https://www.mozilla.org/security/advisories/mfsa2019-27/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2019-27/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1748659
reference_id 1748659
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1748659
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11753
reference_id CVE-2019-11753
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-11753
14
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2019-25
reference_id mfsa2019-25
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2019-25
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2019-26
reference_id mfsa2019-26
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2019-26
16
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2019-27
reference_id mfsa2019-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2019-27
Weaknesses
0
cwe_id 282
name Improper Ownership Management
description The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
1
cwe_id 354
name Improper Validation of Integrity Check Value
description The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Exploits
Severity_range_score4.6 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zycf-ufab-8yfb