Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yhvb-fyub-jfb8

Summary If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message.

Aliases

alias	CVE-2018-5133

Fixed_packages

Affected_packages

References

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yhvb-fyub-jfb8

Vulnerability Instance