Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dbre-65bp-xbf1
Summary
Security researcher Fabián Cuchietti discovered that
it was possible to bypass the restriction on JavaScript execution in mail by
embedding an <iframe> with a data: URL within a message. If the victim
replied or forwarded the mail after receiving it, quoting it "in-line"
using Thunderbird's HTML mail editor, it would run the attached script. The
running script would be restricted to the mail composition window where it could
observe and potentially modify the content of the mail before it was sent.
Scripts were not executed if the recipient merely viewed the mail, only if it
was edited as HTML. Turning off HTML composition prevented the vulnerability and
forwarding the mail "as attachment" prevented the forwarding
variant. Ateeq ur Rehman Khan of Vulnerability Labs reported
additional variants of this attack involving the use of the <object> tag
and which could be used to attach object data types such as images, audio, or
video. This affected the Thunderbird 17 branch. It was fixed in all
versions based on Gecko 23 or later. Thunderbird 24 and later are not affected
by this vulnerability.
Aliases
0
alias CVE-2013-6674
Fixed_packages
0
url pkg:mozilla/SeaMonkey@2.20.0
purl pkg:mozilla/SeaMonkey@2.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.20.0
1
url pkg:mozilla/Thunderbird@23.0.0
purl pkg:mozilla/Thunderbird@23.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@23.0.0
Affected_packages
0
url pkg:rpm/redhat/thunderbird@24.2.0-1?arch=el6_5
purl pkg:rpm/redhat/thunderbird@24.2.0-1?arch=el6_5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-62px-695g-57bk
1
vulnerability VCID-69g6-8d1a-kubz
2
vulnerability VCID-b2k8-kjmq-1kh4
3
vulnerability VCID-db94-kcvc-zybp
4
vulnerability VCID-dbre-65bp-xbf1
5
vulnerability VCID-gsx1-3jjx-nqan
6
vulnerability VCID-t5xp-1qqf-cfht
7
vulnerability VCID-vg9h-jcc1-9qeg
8
vulnerability VCID-vhq8-wmxx-wqgt
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@24.2.0-1%3Farch=el6_5
1
url pkg:rpm/redhat/thunderbird@24.2.0-2?arch=el5_10
purl pkg:rpm/redhat/thunderbird@24.2.0-2?arch=el5_10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-62px-695g-57bk
1
vulnerability VCID-69g6-8d1a-kubz
2
vulnerability VCID-b2k8-kjmq-1kh4
3
vulnerability VCID-db94-kcvc-zybp
4
vulnerability VCID-dbre-65bp-xbf1
5
vulnerability VCID-gsx1-3jjx-nqan
6
vulnerability VCID-t5xp-1qqf-cfht
7
vulnerability VCID-vg9h-jcc1-9qeg
8
vulnerability VCID-vhq8-wmxx-wqgt
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@24.2.0-2%3Farch=el5_10
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6674.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6674.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6674
reference_id
reference_type
scores
0
value 0.47529
scoring_system epss
scoring_elements 0.97711
published_at 2026-04-18T12:55:00Z
1
value 0.47529
scoring_system epss
scoring_elements 0.9768
published_at 2026-04-01T12:55:00Z
2
value 0.47529
scoring_system epss
scoring_elements 0.97687
published_at 2026-04-02T12:55:00Z
3
value 0.47529
scoring_system epss
scoring_elements 0.97688
published_at 2026-04-07T12:55:00Z
4
value 0.47529
scoring_system epss
scoring_elements 0.97693
published_at 2026-04-08T12:55:00Z
5
value 0.47529
scoring_system epss
scoring_elements 0.97696
published_at 2026-04-09T12:55:00Z
6
value 0.47529
scoring_system epss
scoring_elements 0.97698
published_at 2026-04-11T12:55:00Z
7
value 0.47529
scoring_system epss
scoring_elements 0.97701
published_at 2026-04-12T12:55:00Z
8
value 0.47529
scoring_system epss
scoring_elements 0.97702
published_at 2026-04-13T12:55:00Z
9
value 0.47529
scoring_system epss
scoring_elements 0.97708
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6674
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063120
reference_id 1063120
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063120
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6674
reference_id CVE-2013-6674
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6674
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31223.txt
reference_id CVE-2013-6674;OSVDB-102566
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31223.txt
5
reference_url https://www.vulnerability-lab.com/get_content.php?id=953
reference_id CVE-2013-6674;OSVDB-102566
reference_type exploit
scores
url https://www.vulnerability-lab.com/get_content.php?id=953
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-14
reference_id mfsa2014-14
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-14
7
reference_url https://access.redhat.com/errata/RHSA-2013:1823
reference_id RHSA-2013:1823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1823
8
reference_url https://usn.ubuntu.com/2119-1/
reference_id USN-2119-1
reference_type
scores
url https://usn.ubuntu.com/2119-1/
Weaknesses
Exploits
0
date_added 2014-01-27
description Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2014-01-27
exploit_type dos
platform multiple
source_date_updated 2014-01-27
data_source Exploit-DB
source_url https://www.vulnerability-lab.com/get_content.php?id=953
Severity_range_score 7.0 - 8.9
Exploitability 2.0
Weighted_severity 8.0
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbre-65bp-xbf1