Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4rt5-58ue-sufc

Summary Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos Álvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

Aliases

alias	CVE-2017-7780

Fixed_packages

url	pkg:alpm/archlinux/firefox@55.0-1
purl	pkg:alpm/archlinux/firefox@55.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@55.0-1

url	pkg:deb/debian/firefox@55.0-1?distro=sid
purl	pkg:deb/debian/firefox@55.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@55.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.3-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.3-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/firefox@54.0.1-1

purl pkg:alpm/archlinux/firefox@54.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-39za-a75a-z7c3

vulnerability	VCID-3cbn-278y-hkah

vulnerability	VCID-48em-7yxs-pqf9

vulnerability	VCID-4rt5-58ue-sufc

vulnerability	VCID-6aqn-abjb-skbd

vulnerability	VCID-7mvz-mr2e-hyfx

vulnerability	VCID-9cje-24ah-p7fk

vulnerability	VCID-d7jf-wx4p-cuek

vulnerability	VCID-dck1-2x3v-1ygr

vulnerability	VCID-eaau-g1uf-73gd

vulnerability	VCID-f7ut-fqny-tffr

vulnerability	VCID-gf3v-rmys-syex

vulnerability	VCID-hd7u-f91y-dqhz

vulnerability	VCID-hk7b-ckyd-7qg2

vulnerability	VCID-hw2h-w5r2-7qhv

vulnerability	VCID-kn3f-cx36-17h2

vulnerability	VCID-nmws-nx6k-5qbe

vulnerability	VCID-np75-dzzq-8yef

vulnerability	VCID-q7jk-b69d-bbav

vulnerability	VCID-qetw-2ah7-5ba4

vulnerability	VCID-qh1k-c7ct-efg8

vulnerability	VCID-s558-4jac-47ft

vulnerability	VCID-vgwu-jbjv-xyd1

vulnerability	VCID-xzxb-5pq8-9bfd

vulnerability	VCID-yk2z-f6vu-93fb

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@54.0.1-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7780.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7780.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7780

reference_id

reference_type

scores

value	0.01811
scoring_system	epss
scoring_elements	0.82765
published_at	2026-04-01T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.83019
published_at	2026-05-14T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82907
published_at	2026-04-29T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82927
published_at	2026-05-05T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82947
published_at	2026-05-07T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82968
published_at	2026-05-09T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82967
published_at	2026-05-11T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82982
published_at	2026-05-12T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-02T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82795
published_at	2026-04-04T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82791
published_at	2026-04-07T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82816
published_at	2026-04-08T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82822
published_at	2026-04-09T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82839
published_at	2026-04-11T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82834
published_at	2026-04-12T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.8283
published_at	2026-04-13T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82869
published_at	2026-04-18T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82871
published_at	2026-04-21T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82893
published_at	2026-04-24T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82902
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7780

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1353763%2C1353356%2C1370070%2C1375435%2C1373663%2C1363150%2C1370817%2C1273678%2C1367850%2C1347968%2C1361749%2C1349138%2C1371982%2C1344666%2C1369836%2C1330739%2C1371511%2C1371484
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1353763%2C1353356%2C1370070%2C1375435%2C1373663%2C1363150%2C1370817%2C1273678%2C1367850%2C1347968%2C1361749%2C1349138%2C1371982%2C1344666%2C1369836%2C1330739%2C1371511%2C1371484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-18/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-18/

reference_url	http://www.securityfocus.com/bid/100199
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100199

reference_url	http://www.securitytracker.com/id/1039124
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039124

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1479196
reference_id	1479196
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1479196

reference_url	https://security.archlinux.org/ASA-201708-3
reference_id	ASA-201708-3
reference_type
scores
url	https://security.archlinux.org/ASA-201708-3

reference_url

https://security.archlinux.org/AVG-375

reference_id

AVG-375

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-375

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7780

reference_id

CVE-2017-7780

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7780

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-18

reference_id

mfsa2017-18

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-18

reference_url	https://usn.ubuntu.com/3391-1/
reference_id	USN-3391-1
reference_type
scores
url	https://usn.ubuntu.com/3391-1/

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Exploits

Severity_range_score 7.5 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rt5-58ue-sufc

Vulnerability Instance