Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox@3.5.6
Type mozilla
Namespace
Name Firefox
Version 3.5.6
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.5.8
Latest_non_vulnerable_version 151.0.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-e15r-7w4r-syfy
vulnerability_id VCID-e15r-7w4r-syfy
summary
Mozilla discovered several bugs in liboggplay which posed potential
memory safety issues.  The bugs which were fixed could potentially be
used by an attacker to crash a victim's browser and execute arbitrary
code on their computer. Audio and Video capabilities were added to the Mozilla browser
engine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of
these products were not affected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388
reference_id CVE-2009-3388
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-66
reference_id mfsa2009-66
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-66
fixed_packages
0
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3388
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e15r-7w4r-syfy
1
url VCID-feey-1wqm-ekhz
vulnerability_id VCID-feey-1wqm-ekhz
summary
Security researcher Jonathan Morgan reported that
when a page loaded over an insecure protocol, such as http: or file:,
sets its document.location to a https: URL which
responds with a 204 status and empty response body, the insecure page
will receive SSL indicators near the location bar, but will not have
its page content modified in any way.  This could lead to a user
believing they were on a secure page when in fact they were not. Security researcher Jordi Chancel reported an
issue similar to one fixed
in mfsa2009-44 in which a web page can
set document.location to a URL that can't be displayed
properly and then inject content into the resulting blank page.  An
attacker could use this vulnerability to place a legitimate-looking
but invalid URL in the location bar and inject HTML and JavaScript
into the body of the page, resulting in a spoofing attack.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984
reference_id CVE-2009-3984
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-69
reference_id mfsa2009-69
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-69
fixed_packages
0
url pkg:mozilla/Firefox@3.0.16
purl pkg:mozilla/Firefox@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3984
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feey-1wqm-ekhz
2
url VCID-hfx9-d6d1-5kbv
vulnerability_id VCID-hfx9-d6d1-5kbv
summary
Security researcher Gregory Fleischer reported
that the exception messages generated by
Mozilla's GeckoActiveXObject differ based on whether or
not the requested COM object's ProgID is present in the system
registry.  A malicious site could use this vulnerability to enumerate
a list of COM objects installed on a user's system and create a
profile to track the user across browsing sessions.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987
reference_id CVE-2009-3987
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-71
reference_id mfsa2009-71
reference_type
scores
0
value low
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-71
fixed_packages
0
url pkg:mozilla/Firefox@3.0.16
purl pkg:mozilla/Firefox@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3987
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx9-d6d1-5kbv
3
url VCID-n2jn-bkz2-yygh
vulnerability_id VCID-n2jn-bkz2-yygh
summary
Security researcher Takehiro Takahashi of the IBM
X-Force reported that Mozilla's NTLM implementation was vulnerable to
reflection attacks in which NTLM credentials from one application
could be forwarded to another arbitrary application via the browser.
If an attacker could get a user to visit a web page he controlled he
could force NTLM authenticated requests to be forwarded to another
application on behalf of the user.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983
reference_id CVE-2009-3983
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-68
reference_id mfsa2009-68
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-68
fixed_packages
0
url pkg:mozilla/Firefox@3.0.16
purl pkg:mozilla/Firefox@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3983
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-bkz2-yygh
4
url VCID-s9ey-mtj5-vbey
vulnerability_id VCID-s9ey-mtj5-vbey
summary
Security researcher David James reported that a
content window which is opened by a chrome window retains a reference
to the chrome window via the window.opener property.  Using
this reference, content in the new window can access functions
inside the chrome window, such as eval, and use these
functions to run arbitrary JavaScript code with chrome privileges. In
a stock Mozilla browser a remote attacker cannot cause these application
dialogs to appear nor to automatically load the attack code that takes advantage
of this flaw in window.opener. There may be add-ons which open
potentially hostile web-content in this way, and combined with such an add-on the
severity of this flaw could be upgraded to Critical.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986
reference_id CVE-2009-3986
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-70
reference_id mfsa2009-70
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-70
fixed_packages
0
url pkg:mozilla/Firefox@3.0.16
purl pkg:mozilla/Firefox@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3986
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ey-mtj5-vbey
5
url VCID-u6e2-wfx5-r3cu
vulnerability_id VCID-u6e2-wfx5-r3cu
summary
Mozilla developers and community members identified and fixed
several stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of
memory corruption under certain circumstances and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979
reference_id CVE-2009-3979
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-65
reference_id mfsa2009-65
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-65
fixed_packages
0
url pkg:mozilla/Firefox@3.0.16
purl pkg:mozilla/Firefox@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6e2-wfx5-r3cu
6
url VCID-v1gt-2387-67dw
vulnerability_id VCID-v1gt-2387-67dw
summary
Security researcher Dan Kaminsky reported an
integer overflow in the Theora video library.  A video's dimensions
were being multiplied together and used in particular memory
allocations.  When the video dimensions were sufficiently large, the
multiplication could overflow a 32-bit integer resulting in too small
a memory buffer being allocated for the video.  An attacker could use
a specially crafted video to write data past the bounds of this
buffer, causing a crash and potentially running arbitrary code on a
victim's computer. Mozilla intern David Keeler also independently
reported this issue as well as an additional crash which was
determined to be a denial-of-service. Video capabilities were added to the Mozilla browser engine
in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these
products were not affected. These bugs were fixed upstream in Theora version 1.1
("Thusnelda") but the older version used in Firefox 3.5 needed this
patch.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
reference_id CVE-2009-3389
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-67
reference_id mfsa2009-67
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-67
fixed_packages
0
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
aliases CVE-2009-3389
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gt-2387-67dw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6