Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-yswt-cvbe-pygm
Summary
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox
developers identified a similar pattern in our IPC code. A compromised child
process could cause the parent process to return an unintentionally
powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
*This only affects Firefox on Windows. Other operating systems are unaffected.*
Aliases
0
alias CVE-2025-2857
Fixed_packages
0
url pkg:deb/debian/firefox@0?distro=sid
purl pkg:deb/debian/firefox@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@0%3Fdistro=sid
1
url pkg:deb/debian/firefox@151.0.3-1?distro=sid
purl pkg:deb/debian/firefox@151.0.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid
2
url pkg:deb/debian/firefox-esr@0?distro=trixie
purl pkg:deb/debian/firefox-esr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@0%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
7
url pkg:mozilla/Firefox@136.0.4
purl pkg:mozilla/Firefox@136.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@136.0.4
8
url pkg:mozilla/Firefox%20ESR@115.21.1
purl pkg:mozilla/Firefox%20ESR@115.21.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@115.21.1
9
url pkg:mozilla/Firefox%20ESR@128.8.1
purl pkg:mozilla/Firefox%20ESR@128.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@128.8.1
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2857.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2857.json
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2355327
reference_id 2355327
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2355327
2
reference_url https://www.cve.org/CVERecord?id=CVE-2025-2783
reference_id CVERecord?id=CVE-2025-2783
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:23:40Z/
url https://www.cve.org/CVERecord?id=CVE-2025-2783
3
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-19
reference_id mfsa2025-19
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-19
4
reference_url https://www.mozilla.org/security/advisories/mfsa2025-19/
reference_id mfsa2025-19
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:23:40Z/
url https://www.mozilla.org/security/advisories/mfsa2025-19/
5
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1956398
reference_id show_bug.cgi?id=1956398
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:23:40Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1956398
Weaknesses
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-yswt-cvbe-pygm