Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cyn8-qgtg-eqa7
Summary
Security researcher Jordan Milne reported an information
leak where document.caretPositionFromPoint and
document.elementFromPoint functions could be used on a cross-origin
iframe to gain information on the iframe's DOM and other attributes through a
timing attack, violating same-origin policy.

In general this flaw cannot be exploited through email in the
Seamonkey product because scripting is disabled in mail, but is potentially a
risk in browser or browser-like contexts.
Aliases
0
alias CVE-2014-1483
Fixed_packages
0
url pkg:mozilla/Firefox@27.0.0
purl pkg:mozilla/Firefox@27.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@27.0.0
1
url pkg:mozilla/Seamonkey@2.24.0
purl pkg:mozilla/Seamonkey@2.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.24.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483
reference_id CVE-2014-1483
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-05
reference_id mfsa2014-05
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-05
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cyn8-qgtg-eqa7