Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049230?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "type": "deb", "namespace": "debian", "name": "thunderbird", "version": "1:140.6.0esr-1~deb12u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:140.9.1esr-1", "latest_non_vulnerable_version": "1:140.9.1esr-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=api", "vulnerability_id": "VCID-13he-qsr4-h3d4", "summary": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06339", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06362", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06322", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.063", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450726", "reference_id": "2450726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450726" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329", "reference_id": "show_bug.cgi?id=2016329", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342", "reference_id": "show_bug.cgi?id=2016342", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4709" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62776?format=api", "vulnerability_id": "VCID-15j8-br8z-juf3", "summary": "Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07518", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07437", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07427", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07542", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451006", "reference_id": "2451006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451006" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723", "reference_id": "show_bug.cgi?id=2020723", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-3889" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15j8-br8z-juf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=api", "vulnerability_id": "VCID-1fv1-edht-ufag", "summary": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450723", "reference_id": "2450723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450723" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405", "reference_id": "show_bug.cgi?id=2018405", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4715" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62750?format=api", "vulnerability_id": "VCID-1hay-xe3q-gyb4", "summary": "Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442322", "reference_id": "2442322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442322" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015179", "reference_id": "show_bug.cgi?id=2015179", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2789" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hay-xe3q-gyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62718?format=api", "vulnerability_id": "VCID-1u8u-pnq3-t7ae", "summary": "Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442324", "reference_id": "2442324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442324" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2001637", "reference_id": "show_bug.cgi?id=2001637", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2001637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2757" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u8u-pnq3-t7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62753?format=api", "vulnerability_id": "VCID-1v2s-g46y-ybdc", "summary": "Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.213", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21415", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21376", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442318", "reference_id": "2442318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442318" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331", "reference_id": "buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2792" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v2s-g46y-ybdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=api", "vulnerability_id": "VCID-23eu-22t2-cydd", "summary": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450725", "reference_id": "2450725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450725" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126", "reference_id": "show_bug.cgi?id=2018126", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4714" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=api", "vulnerability_id": "VCID-26d3-ctnj-7kbh", "summary": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10054", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10196", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10131", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10204", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450738", "reference_id": "2450738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450738" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512", "reference_id": "show_bug.cgi?id=2017512", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4691" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=api", "vulnerability_id": "VCID-289s-f2w6-53g9", "summary": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450720", "reference_id": "2450720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450720" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592", "reference_id": "show_bug.cgi?id=2018592", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4716" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=api", "vulnerability_id": "VCID-351y-4nek-u3aw", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07439", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07487", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12851", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719", "reference_id": "2450719", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906", "reference_id": "show_bug.cgi?id=2020906", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4698" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62748?format=api", "vulnerability_id": "VCID-3gmj-y8qd-ufej", "summary": "Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442297", "reference_id": "2442297", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442297" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014560", "reference_id": "show_bug.cgi?id=2014560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014560" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2787" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gmj-y8qd-ufej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=api", "vulnerability_id": "VCID-3grf-hwk1-3fh8", "summary": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450746", "reference_id": "2450746", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450746" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367", "reference_id": "show_bug.cgi?id=2016367", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4719" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=api", "vulnerability_id": "VCID-3kd3-hwzv-efbn", "summary": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06184", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06198", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06213", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450711", "reference_id": "2450711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450711" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "reference_id": "buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4721" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62751?format=api", "vulnerability_id": "VCID-3sg3-9yx7-fufa", "summary": "Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05913", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0587", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05902", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05937", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05946", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442313", "reference_id": "2442313", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442313" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008426", "reference_id": "show_bug.cgi?id=2008426", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2790" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg3-9yx7-fufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=api", "vulnerability_id": "VCID-3xgu-7evz-mffw", "summary": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05737", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0563", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05557", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05565", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0562", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450722", "reference_id": "2450722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450722" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873", "reference_id": "show_bug.cgi?id=2014873", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4705" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=api", "vulnerability_id": "VCID-4q6w-tdk9-d3an", "summary": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450751", "reference_id": "2450751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450751" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733", "reference_id": "buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4720" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62747?format=api", "vulnerability_id": "VCID-4xqc-36jb-63c2", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442320", "reference_id": "2442320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442320" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013612", "reference_id": "show_bug.cgi?id=2013612", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2786" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqc-36jb-63c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=api", "vulnerability_id": "VCID-5dw5-vpt8-zqbz", "summary": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17223", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21869", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21867", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "reference_id": "2455901", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-26/", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068096?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1" } ], "aliases": [ "CVE-2026-5731" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62741?format=api", "vulnerability_id": "VCID-5ept-fu7g-8kes", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04119", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442334", "reference_id": "2442334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442334" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007829", "reference_id": "show_bug.cgi?id=2007829", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2780" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ept-fu7g-8kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=api", "vulnerability_id": "VCID-646f-ndeq-5bee", "summary": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06444", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450757", "reference_id": "2450757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450757" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368", "reference_id": "show_bug.cgi?id=2016368", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4687" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=api", "vulnerability_id": "VCID-675n-7uzz-pqdj", "summary": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05519", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05385", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05409", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450713", "reference_id": "2450713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450713" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373", "reference_id": "show_bug.cgi?id=2016373", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4688" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=api", "vulnerability_id": "VCID-6cx1-8t9m-u3av", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04551", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04541", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "reference_id": "2428978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658", "reference_id": "show_bug.cgi?id=2005658", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0886" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62726?format=api", "vulnerability_id": "VCID-6fsa-bnes-tkff", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06137", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06187", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442333", "reference_id": "2442333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442333" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013562", "reference_id": "show_bug.cgi?id=2013562", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2765" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fsa-bnes-tkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62777?format=api", "vulnerability_id": "VCID-6mur-mtfg-97gt", "summary": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17548", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1749", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17659", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17514", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17505", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1756", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17612", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17763", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001", "reference_id": "2451001", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493", "reference_id": "show_bug.cgi?id=2023493", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4371" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mur-mtfg-97gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=api", "vulnerability_id": "VCID-77y6-jskt-qucb", "summary": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18108", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18215", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/1018", "reference_id": "1018", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/1018" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1034", "reference_id": "1034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298", "reference_id": "1115298", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "reference_id": "2395108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108" }, { "reference_url": "https://issues.oss-fuzz.com/issues/439133977", "reference_id": "439133977", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://issues.oss-fuzz.com/issues/439133977" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "reference_id": "Changes#L45-L74", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19403", "reference_id": "RHSA-2025:19403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21030", "reference_id": "RHSA-2025:21030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21773", "reference_id": "RHSA-2025:21773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21974", "reference_id": "RHSA-2025:21974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22175", "reference_id": "RHSA-2025:22175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22618", "reference_id": "RHSA-2025:22618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22935", "reference_id": "RHSA-2025:22935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23227", "reference_id": "RHSA-2025:23227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23248", "reference_id": "RHSA-2025:23248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23550", "reference_id": "RHSA-2025:23550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0332", "reference_id": "RHSA-2026:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0420", "reference_id": "RHSA-2026:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0518", "reference_id": "RHSA-2026:0518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0674", "reference_id": "RHSA-2026:0674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0677", "reference_id": "RHSA-2026:0677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0996", "reference_id": "RHSA-2026:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3407", "reference_id": "RHSA-2026:3407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5396", "reference_id": "RHSA-2026:5396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5396" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-59375" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62722?format=api", "vulnerability_id": "VCID-7wmw-hpfw-vuaa", "summary": "Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33974", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34007", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34053", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34054", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33986", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442309", "reference_id": "2442309", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442309" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011063", "reference_id": "show_bug.cgi?id=2011063", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2761" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wmw-hpfw-vuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=api", "vulnerability_id": "VCID-8qyy-e4jt-rbc4", "summary": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450715", "reference_id": "2450715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450715" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030", "reference_id": "show_bug.cgi?id=2020030", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=api", "vulnerability_id": "VCID-8u4y-zrhv-8fe9", "summary": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02691", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02711", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "reference_id": "2428972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500", "reference_id": "show_bug.cgi?id=2006500", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0887" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62756?format=api", "vulnerability_id": "VCID-8vka-qus2-tbhj", "summary": "Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03896", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03902", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03927", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03958", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03839", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03829", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03884", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283", "reference_id": "1128283", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "reference_id": "2440219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-10/", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-11/", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3967", "reference_id": "RHSA-2026:3967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4447", "reference_id": "RHSA-2026:4447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4629", "reference_id": "RHSA-2026:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5227", "reference_id": "RHSA-2026:5227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5228", "reference_id": "RHSA-2026:5228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5229", "reference_id": "RHSA-2026:5229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5230", "reference_id": "RHSA-2026:5230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5231", "reference_id": "RHSA-2026:5231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5319", "reference_id": "RHSA-2026:5319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5320", "reference_id": "RHSA-2026:5320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5323", "reference_id": "RHSA-2026:5323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5324", "reference_id": "RHSA-2026:5324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5326", "reference_id": "RHSA-2026:5326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390", "reference_id": "show_bug.cgi?id=2014390", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390" }, { "reference_url": "https://usn.ubuntu.com/8053-1/", "reference_id": "USN-8053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-2447" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vka-qus2-tbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=api", "vulnerability_id": "VCID-8xek-k5y2-6bfp", "summary": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07536", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07637", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0765", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07573", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07623", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450718", "reference_id": "2450718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450718" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374", "reference_id": "show_bug.cgi?id=2016374", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4689" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62736?format=api", "vulnerability_id": "VCID-8zy6-g8kn-hbdc", "summary": "Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0767", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07669", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07651", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07576", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07567", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07642", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314", "reference_id": "2442314", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199", "reference_id": "show_bug.cgi?id=2015199", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2775" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zy6-g8kn-hbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=api", "vulnerability_id": "VCID-9ag7-z86d-nba9", "summary": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13903", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13955", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18556", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18547", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "reference_id": "2455897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_id": "buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068096?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1" } ], "aliases": [ "CVE-2026-5734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62752?format=api", "vulnerability_id": "VCID-9zxb-j4ep-n7g9", "summary": "Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07443", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07421", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07512", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442342", "reference_id": "2442342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442342" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015220", "reference_id": "show_bug.cgi?id=2015220", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015220" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2791" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zxb-j4ep-n7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=api", "vulnerability_id": "VCID-a98z-hwzc-wkcj", "summary": "Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "reference_id": "2428966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125", "reference_id": "show_bug.cgi?id=1924125", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0882" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62719?format=api", "vulnerability_id": "VCID-azdd-vdn3-kffy", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442337", "reference_id": "2442337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442337" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009608", "reference_id": "show_bug.cgi?id=2009608", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2758" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azdd-vdn3-kffy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=api", "vulnerability_id": "VCID-b4bq-q3ga-3ff1", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03727", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450755", "reference_id": "2450755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450755" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267", "reference_id": "show_bug.cgi?id=2015267", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4707" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62725?format=api", "vulnerability_id": "VCID-b5jm-57h2-2qcs", "summary": "JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06626", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06464", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06469", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06534", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329", "reference_id": "2442329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608", "reference_id": "show_bug.cgi?id=2012608", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2764" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5jm-57h2-2qcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=api", "vulnerability_id": "VCID-b6sf-z5tm-4uau", "summary": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07439", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07487", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07524", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450740", "reference_id": "2450740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450740" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190", "reference_id": "show_bug.cgi?id=2020190", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4696" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62740?format=api", "vulnerability_id": "VCID-b8dx-232z-qbbc", "summary": "Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20162", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442327", "reference_id": "2442327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442327" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164141", "reference_id": "show_bug.cgi?id=1164141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164141" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2779" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8dx-232z-qbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62746?format=api", "vulnerability_id": "VCID-cpez-x3zd-p7bu", "summary": "Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442284", "reference_id": "2442284", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442284" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013549", "reference_id": "show_bug.cgi?id=2013549", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013549" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpez-x3zd-p7bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=api", "vulnerability_id": "VCID-deth-9krh-kufj", "summary": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03993", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "reference_id": "2428971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081", "reference_id": "show_bug.cgi?id=2005081", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0890" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62739?format=api", "vulnerability_id": "VCID-dxwp-5jfs-nuew", "summary": "Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07809", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335", "reference_id": "2442335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358", "reference_id": "show_bug.cgi?id=2016358", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2778" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxwp-5jfs-nuew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=api", "vulnerability_id": "VCID-e2k8-m9sm-8uek", "summary": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450739", "reference_id": "2450739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450739" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863", "reference_id": "show_bug.cgi?id=2021863", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4699" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=api", "vulnerability_id": "VCID-ft6u-geds-fua9", "summary": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450744", "reference_id": "2450744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450744" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560", "reference_id": "show_bug.cgi?id=2013560", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4702" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62737?format=api", "vulnerability_id": "VCID-gcnq-avax-aqcv", "summary": "Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07809", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442291", "reference_id": "2442291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442291" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015266", "reference_id": "show_bug.cgi?id=2015266", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015266" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2776" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcnq-avax-aqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=api", "vulnerability_id": "VCID-gkva-6cu9-7keg", "summary": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07112", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0698", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07075", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07068", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07002", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06948", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06995", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07055", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450748", "reference_id": "2450748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450748" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643", "reference_id": "show_bug.cgi?id=2017643", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4692" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=api", "vulnerability_id": "VCID-h2gc-zk2a-1fg6", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07216", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07187", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "reference_id": "2428967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588", "reference_id": "show_bug.cgi?id=2003588", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0884" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62723?format=api", "vulnerability_id": "VCID-hsc9-up4x-nbgs", "summary": "Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20162", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442308", "reference_id": "2442308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442308" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011649", "reference_id": "show_bug.cgi?id=2011649", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011649" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2762" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsc9-up4x-nbgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=api", "vulnerability_id": "VCID-hshc-4xnc-gug4", "summary": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450756", "reference_id": "2450756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868", "reference_id": "show_bug.cgi?id=2014868", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4704" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=api", "vulnerability_id": "VCID-hstd-23qm-bqdg", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450712", "reference_id": "2450712", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450712" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695", "reference_id": "show_bug.cgi?id=2021695", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4717" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=api", "vulnerability_id": "VCID-j1hb-8jjy-tqgq", "summary": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741", "reference_id": "2450741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102", "reference_id": "show_bug.cgi?id=2018102", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4693" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=api", "vulnerability_id": "VCID-jybh-8px4-pqau", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05676", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0572", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "reference_id": "2428961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607", "reference_id": "show_bug.cgi?id=2003607", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0885" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62762?format=api", "vulnerability_id": "VCID-kk2m-2mxz-sbex", "summary": "Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0268", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03391", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03439", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03521", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507", "reference_id": "2420507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743", "reference_id": "show_bug.cgi?id=1970743", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14327" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kk2m-2mxz-sbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=api", "vulnerability_id": "VCID-kuwd-6tcg-fuha", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450730", "reference_id": "2450730", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450730" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113", "reference_id": "show_bug.cgi?id=2018113", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4713" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62724?format=api", "vulnerability_id": "VCID-m3mp-su9k-sfhs", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0631", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06252", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442316", "reference_id": "2442316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442316" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012018", "reference_id": "show_bug.cgi?id=2012018", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2763" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3mp-su9k-sfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=api", "vulnerability_id": "VCID-m6uv-91wz-xfdv", "summary": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06069", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05916", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05959", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0595", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450752", "reference_id": "2450752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450752" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766", "reference_id": "show_bug.cgi?id=2003766", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4700" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62754?format=api", "vulnerability_id": "VCID-menq-g5ce-1yd8", "summary": "Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21656", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2163", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21763", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21678", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442287", "reference_id": "2442287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442287" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498", "reference_id": "buglist.cgi?bug_id=2015196%2C2016423%2C2016498", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2793" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-menq-g5ce-1yd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=api", "vulnerability_id": "VCID-mm6w-kpe8-4kg3", "summary": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02941", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02854", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0283", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721", "reference_id": "2450721", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129", "reference_id": "show_bug.cgi?id=2011129", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4684" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62735?format=api", "vulnerability_id": "VCID-mn6j-2wd1-ukfb", "summary": "Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05833", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442290", "reference_id": "2442290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442290" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014883", "reference_id": "show_bug.cgi?id=2014883", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014883" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2774" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn6j-2wd1-ukfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=api", "vulnerability_id": "VCID-ndd4-kd1y-z7ep", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07838", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "reference_id": "2428965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989", "reference_id": "show_bug.cgi?id=2003989", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0878" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62730?format=api", "vulnerability_id": "VCID-nhsr-4zux-2bck", "summary": "Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15468", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15634", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15667", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15462", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15536", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442295", "reference_id": "2442295", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442295" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014550", "reference_id": "show_bug.cgi?id=2014550", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014550" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2769" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsr-4zux-2bck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=api", "vulnerability_id": "VCID-nkpq-9gd6-nuc4", "summary": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06673", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "reference_id": "2428963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_id": "buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62728?format=api", "vulnerability_id": "VCID-ntqr-ptmu-yuen", "summary": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328", "reference_id": "2442328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741", "reference_id": "show_bug.cgi?id=2013741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqr-ptmu-yuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=api", "vulnerability_id": "VCID-nvsz-9s3r-nbhq", "summary": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01757", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01686", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01693", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01683", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01676", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450742", "reference_id": "2450742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450742" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864", "reference_id": "show_bug.cgi?id=2014864", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4718" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62732?format=api", "vulnerability_id": "VCID-p9zh-7wyj-hffm", "summary": "Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442288", "reference_id": "2442288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442288" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014593", "reference_id": "show_bug.cgi?id=2014593", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014593" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2771" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9zh-7wyj-hffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=api", "vulnerability_id": "VCID-pemg-ndu8-wbbc", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07309", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "reference_id": "2428973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602", "reference_id": "show_bug.cgi?id=2004602", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0879" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62738?format=api", "vulnerability_id": "VCID-q1pv-avug-juef", "summary": "Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19952", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19977", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19894", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442312", "reference_id": "2442312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442312" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015305", "reference_id": "show_bug.cgi?id=2015305", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015305" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2777" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1pv-avug-juef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=api", "vulnerability_id": "VCID-qbzp-euvv-q7c7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12742", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "reference_id": "2455908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867", "reference_id": "show_bug.cgi?id=2017867", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068096?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1" } ], "aliases": [ "CVE-2026-5732" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62755?format=api", "vulnerability_id": "VCID-qcxw-ds31-3ubd", "summary": "When a user explicitly requested Thunderbird to decrypt an inline\nOpenPGP message that was embedded in a text section of an email\nthat was formatted and styled with HTML and CSS, then the\ndecrypted contents were rendered in a context in which the CSS\nstyles from the outer messages were active. If the user had\nadditionally allowed loading of the remote content referenced by\nthe outer email message, and the email was crafted by the sender\nusing a combination of CSS rules and fonts and animations, then\nit was possible to extract the secret contents of the email.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0818.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0818", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00374", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00376", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00512", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00545", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00513", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0818" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433720", "reference_id": "2433720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433720" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-07", "reference_id": "mfsa2026-07", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-07/", "reference_id": "mfsa2026-07", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-08", "reference_id": "mfsa2026-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-08" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-08/", "reference_id": "mfsa2026-08", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-08/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881530", "reference_id": "show_bug.cgi?id=1881530", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881530" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0818" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxw-ds31-3ubd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=api", "vulnerability_id": "VCID-qkks-24cp-gqg2", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450714", "reference_id": "2450714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091", "reference_id": "show_bug.cgi?id=2015091", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4706" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=api", "vulnerability_id": "VCID-qm8f-f8nr-qba9", "summary": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "reference_id": "2428975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014", "reference_id": "show_bug.cgi?id=2005014", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0880" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62749?format=api", "vulnerability_id": "VCID-qta2-8rnt-k7d1", "summary": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0631", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06252", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442302", "reference_id": "2442302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442302" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014824", "reference_id": "show_bug.cgi?id=2014824", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2788" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qta2-8rnt-k7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62734?format=api", "vulnerability_id": "VCID-r7vt-w149-9bfn", "summary": "Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07891", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07949", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07886", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07845", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07927", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442319", "reference_id": "2442319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442319" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014832", "reference_id": "show_bug.cgi?id=2014832", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014832" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2773" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vt-w149-9bfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=api", "vulnerability_id": "VCID-rp5h-ym8y-skbw", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450710", "reference_id": "2450710", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450710" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303", "reference_id": "show_bug.cgi?id=2009303", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4701" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62744?format=api", "vulnerability_id": "VCID-sgwe-9xfj-6kav", "summary": "Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12121", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12003", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12149", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12068", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12171", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442300", "reference_id": "2442300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442300" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010943", "reference_id": "show_bug.cgi?id=2010943", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2783" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgwe-9xfj-6kav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62731?format=api", "vulnerability_id": "VCID-ss9j-7jd7-nbf1", "summary": "Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03498", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442343", "reference_id": "2442343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442343" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014585", "reference_id": "show_bug.cgi?id=2014585", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2770" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9j-7jd7-nbf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=api", "vulnerability_id": "VCID-t2c3-smqc-zkba", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0627", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "reference_id": "2428969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "reference_id": "show_bug.cgi?id=1999257", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=api", "vulnerability_id": "VCID-t4t3-5pt5-ayds", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450724", "reference_id": "2450724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450724" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349", "reference_id": "show_bug.cgi?id=2016349", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4685" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62729?format=api", "vulnerability_id": "VCID-te1e-sjsk-bfd8", "summary": "Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26866", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26923", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26767", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26824", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442298", "reference_id": "2442298", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442298" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014101", "reference_id": "show_bug.cgi?id=2014101", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2768" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-te1e-sjsk-bfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=api", "vulnerability_id": "VCID-u3j3-fc4f-7ff7", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450734", "reference_id": "2450734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450734" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351", "reference_id": "show_bug.cgi?id=2016351", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4686" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62727?format=api", "vulnerability_id": "VCID-ud33-vgxh-8khj", "summary": "Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06137", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06187", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294", "reference_id": "2442294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583", "reference_id": "show_bug.cgi?id=2013583", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2766" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud33-vgxh-8khj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=api", "vulnerability_id": "VCID-vszp-vyxy-f7g7", "summary": "Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15332", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292", "reference_id": "2442292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552", "reference_id": "show_bug.cgi?id=2009552", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552" }, { "reference_url": "https://usn.ubuntu.com/8071-1/", "reference_id": "USN-8071-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-1/" }, { "reference_url": "https://usn.ubuntu.com/8071-2/", "reference_id": "USN-8071-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2781" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62743?format=api", "vulnerability_id": "VCID-w4u8-25rz-gqeq", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15771", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15727", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15979", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15717", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15795", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15863", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442331", "reference_id": "2442331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442331" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010743", "reference_id": "show_bug.cgi?id=2010743", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2782" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4u8-25rz-gqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62721?format=api", "vulnerability_id": "VCID-wagm-cq36-k7g3", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442325", "reference_id": "2442325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442325" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011062", "reference_id": "show_bug.cgi?id=2011062", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011062" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2760" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wagm-cq36-k7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=api", "vulnerability_id": "VCID-wmyy-2cg3-wyhc", "summary": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729", "reference_id": "2450729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422", "reference_id": "show_bug.cgi?id=2020422", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=api", "vulnerability_id": "VCID-wqw2-gjvu-6qbu", "summary": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03218", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0554", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05479", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05518", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05525", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05537", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05504", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05469", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450732", "reference_id": "2450732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450732" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375", "reference_id": "show_bug.cgi?id=2016375", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4690" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=api", "vulnerability_id": "VCID-wvx2-pba2-sqha", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450735", "reference_id": "2450735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268", "reference_id": "show_bug.cgi?id=2015268", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4708" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62720?format=api", "vulnerability_id": "VCID-wwdh-xmux-3qdq", "summary": "Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442307", "reference_id": "2442307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442307" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010933", "reference_id": "show_bug.cgi?id=2010933", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2759" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwdh-xmux-3qdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62745?format=api", "vulnerability_id": "VCID-wwkc-4c69-cbea", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19488", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19491", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19624", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19714", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19575", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442304", "reference_id": "2442304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442304" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012984", "reference_id": "show_bug.cgi?id=2012984", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012984" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2784" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkc-4c69-cbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62733?format=api", "vulnerability_id": "VCID-xcbn-tkgg-4ben", "summary": "Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04801", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442326", "reference_id": "2442326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442326" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014827", "reference_id": "show_bug.cgi?id=2014827", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2772" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcbn-tkgg-4ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=api", "vulnerability_id": "VCID-yjc2-2whn-uug5", "summary": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.054", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05469", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05434", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450747", "reference_id": "2450747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450747" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430", "reference_id": "show_bug.cgi?id=2018430", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4694" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=api", "vulnerability_id": "VCID-ymak-rv52-h7a5", "summary": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450727", "reference_id": "2450727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450727" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370", "reference_id": "show_bug.cgi?id=2016370", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050247?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4710" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=api", "vulnerability_id": "VCID-zdxh-fp2e-47dd", "summary": "Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03034", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "reference_id": "2428968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340", "reference_id": "show_bug.cgi?id=1989340", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049806?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48295?format=api", "vulnerability_id": "VCID-18my-61hh-n3gb", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51779", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51755", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51786", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55349", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55414", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55352", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56753", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349790", "reference_id": "2349790", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349790" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:50:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:50:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:50:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:50:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1942881", "reference_id": "show_bug.cgi?id=1942881", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:50:25Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1942881" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1934" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18my-61hh-n3gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62992?format=api", "vulnerability_id": "VCID-1jqj-tqfp-73f7", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25398", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25353", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30263", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30125", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3022", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420504", "reference_id": "2420504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420504" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1998050", "reference_id": "show_bug.cgi?id=1998050", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1998050" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14325" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqj-tqfp-73f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62930?format=api", "vulnerability_id": "VCID-1xcg-n9k4-tqc4", "summary": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40098", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43598", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43653", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43649", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43675", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43685", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343756", "reference_id": "2343756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936454", "reference_id": "show_bug.cgi?id=1936454", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936454" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1011" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xcg-n9k4-tqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41995?format=api", "vulnerability_id": "VCID-1zf8-qjts-9fbc", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42061", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50639", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50617", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328942", "reference_id": "2328942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328942" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402", "reference_id": "show_bug.cgi?id=1899402", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11704" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zf8-qjts-9fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48305?format=api", "vulnerability_id": "VCID-2ejc-7bd5-qkbf", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3028.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72386", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72398", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72327", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72377", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72389", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72348", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3028" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356562", "reference_id": "2356562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356562" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-21", "reference_id": "mfsa2025-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-21/", "reference_id": "mfsa2025-21", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3556", "reference_id": "RHSA-2025:3556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3581", "reference_id": "RHSA-2025:3581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3582", "reference_id": "RHSA-2025:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3587", "reference_id": "RHSA-2025:3587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3589", "reference_id": "RHSA-2025:3589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3590", "reference_id": "RHSA-2025:3590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3620", "reference_id": "RHSA-2025:3620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3621", "reference_id": "RHSA-2025:3621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3621" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3623", "reference_id": "RHSA-2025:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3628", "reference_id": "RHSA-2025:3628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4026", "reference_id": "RHSA-2025:4026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4027", "reference_id": "RHSA-2025:4027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4028", "reference_id": "RHSA-2025:4028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4029", "reference_id": "RHSA-2025:4029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4030", "reference_id": "RHSA-2025:4030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4031", "reference_id": "RHSA-2025:4031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4032", "reference_id": "RHSA-2025:4032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4169", "reference_id": "RHSA-2025:4169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4170", "reference_id": "RHSA-2025:4170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7491", "reference_id": "RHSA-2025:7491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7493", "reference_id": "RHSA-2025:7493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7493" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941002", "reference_id": "show_bug.cgi?id=1941002", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T20:40:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941002" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3028" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ejc-7bd5-qkbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62921?format=api", "vulnerability_id": "VCID-3qfb-sxha-v3cw", "summary": "Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17286", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19446", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19485", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19454", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395756", "reference_id": "2395756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490", "reference_id": "show_bug.cgi?id=1970490", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10529" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qfb-sxha-v3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62969?format=api", "vulnerability_id": "VCID-43nm-4qjy-vfgj", "summary": "On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8028.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3286", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32824", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39396", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39422", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39439", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39467", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39452", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41977", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41907", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382701", "reference_id": "2382701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382701" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581", "reference_id": "show_bug.cgi?id=1971581", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:32:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8028" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43nm-4qjy-vfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63013?format=api", "vulnerability_id": "VCID-4bw1-v6ze-kbds", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414079", "reference_id": "2414079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940", "reference_id": "show_bug.cgi?id=1984940", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13018" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bw1-v6ze-kbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62972?format=api", "vulnerability_id": "VCID-4byg-5gy3-kkff", "summary": "The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8031.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8031.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32756", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32748", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32812", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32789", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3281", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33266", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3323", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382704", "reference_id": "2382704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382704" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719", "reference_id": "show_bug.cgi?id=1971719", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:56:53Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8031" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4byg-5gy3-kkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62993?format=api", "vulnerability_id": "VCID-4g7u-xmdq-mkdn", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16329", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16415", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22404", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22456", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420508", "reference_id": "2420508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420508" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996761", "reference_id": "show_bug.cgi?id=1996761", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996761" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14328" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4g7u-xmdq-mkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63038?format=api", "vulnerability_id": "VCID-4gsx-puz4-a3f1", "summary": "Use-after-free in MediaTrackGraphImpl::GetInstance()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24103", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24127", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24126", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24182", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24207", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24309", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403769", "reference_id": "2403769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403769" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931", "reference_id": "show_bug.cgi?id=1988931", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11708" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsx-puz4-a3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63014?format=api", "vulnerability_id": "VCID-4kd3-95cm-g3fc", "summary": "Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414084", "reference_id": "2414084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412", "reference_id": "show_bug.cgi?id=1988412", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13019" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kd3-95cm-g3fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62600?format=api", "vulnerability_id": "VCID-4kmx-pfby-hfbn", "summary": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27852", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27861", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27962", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28595", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31991", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896", "reference_id": "2325896", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61", "reference_id": "mfsa2024-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-61/", "reference_id": "mfsa2024-61", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62", "reference_id": "mfsa2024-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-62/", "reference_id": "mfsa2024-62", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-62/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929", "reference_id": "show_bug.cgi?id=1925929", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:10:02Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11159" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kmx-pfby-hfbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42004?format=api", "vulnerability_id": "VCID-4zjw-4gjw-pqh1", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0242.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0242.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02414", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86394", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86377", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86383", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86362", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86343", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86324", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02914", "scoring_system": "epss", "scoring_elements": "0.86399", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336181", "reference_id": "2336181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336181" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169", "reference_id": "buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03", "reference_id": "mfsa2025-03", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "reference_id": "mfsa2025-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:40:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0242" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zjw-4gjw-pqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63049?format=api", "vulnerability_id": "VCID-59wd-mtjt-4ban", "summary": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17421", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17466", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17437", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17539", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403763", "reference_id": "2403763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403763" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113", "reference_id": "buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11714" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59wd-mtjt-4ban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41987?format=api", "vulnerability_id": "VCID-5j6z-g7gt-qyea", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11694.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32689", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32664", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32616", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3732", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39421", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941", "reference_id": "2328941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-65", "reference_id": "mfsa2024-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-65" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-65/", "reference_id": "mfsa2024-65", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-65/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-70", "reference_id": "mfsa2024-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-70" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-70/", "reference_id": "mfsa2024-70", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-70/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167", "reference_id": "show_bug.cgi?id=1924167", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" }, { "reference_url": "https://usn.ubuntu.com/7193-1/", "reference_id": "USN-7193-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7193-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11694" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5j6z-g7gt-qyea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62997?format=api", "vulnerability_id": "VCID-5kwn-x8e4-ukgq", "summary": "Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2481", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24883", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420502", "reference_id": "2420502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420502" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639", "reference_id": "buglist.cgi?bug_id=1966501%2C1997639", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14333" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwn-x8e4-ukgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62920?format=api", "vulnerability_id": "VCID-66z1-8zeg-9qh1", "summary": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2365", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23566", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23548", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23428", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2591", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25982", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395755", "reference_id": "2395755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395755" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185", "reference_id": "show_bug.cgi?id=1986185", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10528" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66z1-8zeg-9qh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36147?format=api", "vulnerability_id": "VCID-6bbw-b3rx-a7hj", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66065", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66077", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66052", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65994", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6604", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66023", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322440", "reference_id": "2322440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322440" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T15:00:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T15:00:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T15:00:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T15:00:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920423", "reference_id": "show_bug.cgi?id=1920423", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T15:00:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920423" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10462" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bbw-b3rx-a7hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63050?format=api", "vulnerability_id": "VCID-6jw1-pere-ruee", "summary": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1823", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18203", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1819", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18497", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18343", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403774", "reference_id": "2403774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403774" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899", "reference_id": "buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11715" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw1-pere-ruee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17242?format=api", "vulnerability_id": "VCID-6szy-r2cd-9kfw", "summary": "matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal\n### Summary\n\nmatrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver.\n\n### Details\n\nThe Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent *client-side* path traversal. matrix-js-sdk fails to perform this validation.\n\n### Patches\n\nFixed in matrix-js-sdk 34.11.1.\n\n### Workarounds\n\nNone.\n\n### References\n\n- https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5\n- https://blog.doyensec.com/2024/07/02/cspt2csrf.html", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75343", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75353", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.7534", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75308", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00877", "scoring_system": "epss", "scoring_elements": "0.75318", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50336" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-js-sdk" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/" } ], "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50336" }, { "reference_url": "https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/" } ], "url": "https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5" }, { "reference_url": "https://github.com/advisories/GHSA-xvg8-m4x3-w6xr", "reference_id": "GHSA-xvg8-m4x3-w6xr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvg8-m4x3-w6xr" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-69", "reference_id": "mfsa2024-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-69" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-50336", "GHSA-xvg8-m4x3-w6xr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6szy-r2cd-9kfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48296?format=api", "vulnerability_id": "VCID-7eu3-hxbk-8fd7", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40763", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40734", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45432", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53181", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53158", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53198", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53204", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53151", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1935" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349792", "reference_id": "2349792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349792" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:40:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:40:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:40:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:40:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866661", "reference_id": "show_bug.cgi?id=1866661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:40:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866661" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1935" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu3-hxbk-8fd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62957?format=api", "vulnerability_id": "VCID-7q66-66b2-kucc", "summary": "Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5266.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5266.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62875", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62896", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62795", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62846", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62802", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62847", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62869", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62881", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5266" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368755", "reference_id": "2368755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368755" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T14:44:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T14:44:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T14:44:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T14:44:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628", "reference_id": "show_bug.cgi?id=1965628", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T14:44:04Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5266" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q66-66b2-kucc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62940?format=api", "vulnerability_id": "VCID-7v6j-9uuc-qkc8", "summary": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51082", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51098", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51114", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51136", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51119", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51142", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367018", "reference_id": "2367018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367018" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-36", "reference_id": "mfsa2025-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-36" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-36/", "reference_id": "mfsa2025-36", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-36/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-37", "reference_id": "mfsa2025-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-37" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-37/", "reference_id": "mfsa2025-37", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-37/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-38", "reference_id": "mfsa2025-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-38" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-38/", "reference_id": "mfsa2025-38", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-38/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-40", "reference_id": "mfsa2025-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-40" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-40/", "reference_id": "mfsa2025-40", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-40/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-41", "reference_id": "mfsa2025-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-41" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-41/", "reference_id": "mfsa2025-41", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-41/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8049", "reference_id": "RHSA-2025:8049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8060", "reference_id": "RHSA-2025:8060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8125", "reference_id": "RHSA-2025:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8369", "reference_id": "RHSA-2025:8369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8370", "reference_id": "RHSA-2025:8370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8371", "reference_id": "RHSA-2025:8371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8465", "reference_id": "RHSA-2025:8465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8639", "reference_id": "RHSA-2025:8639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8640", "reference_id": "RHSA-2025:8640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8645", "reference_id": "RHSA-2025:8645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8807", "reference_id": "RHSA-2025:8807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8807" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614", "reference_id": "show_bug.cgi?id=1966614", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4919" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6j-9uuc-qkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62990?format=api", "vulnerability_id": "VCID-84jf-84jx-3fgj", "summary": "Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22683", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22724", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420513", "reference_id": "2420513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420513" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996555", "reference_id": "show_bug.cgi?id=1996555", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996555" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14323" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84jf-84jx-3fgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62939?format=api", "vulnerability_id": "VCID-8hm6-nz5h-yfcm", "summary": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4918.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69816", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69831", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69846", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.6976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69849", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69868", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69858", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367016", "reference_id": "2367016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367016" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-36", "reference_id": "mfsa2025-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-36" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-36/", "reference_id": "mfsa2025-36", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-36/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-37", "reference_id": "mfsa2025-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-37" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-37/", "reference_id": "mfsa2025-37", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-37/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-38", "reference_id": "mfsa2025-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-38" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-38/", "reference_id": "mfsa2025-38", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-38/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-40", "reference_id": "mfsa2025-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-40" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-40/", "reference_id": "mfsa2025-40", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-40/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-41", "reference_id": "mfsa2025-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-41" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-41/", "reference_id": "mfsa2025-41", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-41/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8049", "reference_id": "RHSA-2025:8049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8060", "reference_id": "RHSA-2025:8060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8125", "reference_id": "RHSA-2025:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8369", "reference_id": "RHSA-2025:8369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8370", "reference_id": "RHSA-2025:8370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8371", "reference_id": "RHSA-2025:8371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8465", "reference_id": "RHSA-2025:8465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8639", "reference_id": "RHSA-2025:8639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8640", "reference_id": "RHSA-2025:8640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8645", "reference_id": "RHSA-2025:8645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8807", "reference_id": "RHSA-2025:8807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8807" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612", "reference_id": "show_bug.cgi?id=1966612", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T03:55:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4918" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hm6-nz5h-yfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41991?format=api", "vulnerability_id": "VCID-8k4z-rq29-mqg5", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22135", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2202", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22104", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21968", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22184", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25514", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26995", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950", "reference_id": "2328950", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187", "reference_id": "show_bug.cgi?id=1842187", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k4z-rq29-mqg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48307?format=api", "vulnerability_id": "VCID-8san-ze3j-dqdx", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63033", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62996", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356563", "reference_id": "2356563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356563" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494", "reference_id": "buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T03:55:42Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T03:55:42Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T03:55:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T03:55:42Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T03:55:42Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3556", "reference_id": "RHSA-2025:3556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3581", "reference_id": "RHSA-2025:3581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3582", "reference_id": "RHSA-2025:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3587", "reference_id": "RHSA-2025:3587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3589", "reference_id": "RHSA-2025:3589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3590", "reference_id": "RHSA-2025:3590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3620", "reference_id": "RHSA-2025:3620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3621", "reference_id": "RHSA-2025:3621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3621" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3623", "reference_id": "RHSA-2025:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3628", "reference_id": "RHSA-2025:3628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4026", "reference_id": "RHSA-2025:4026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4027", "reference_id": "RHSA-2025:4027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4028", "reference_id": "RHSA-2025:4028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4029", "reference_id": "RHSA-2025:4029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4030", "reference_id": "RHSA-2025:4030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4031", "reference_id": "RHSA-2025:4031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4032", "reference_id": "RHSA-2025:4032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4169", "reference_id": "RHSA-2025:4169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4170", "reference_id": "RHSA-2025:4170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7491", "reference_id": "RHSA-2025:7491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7493", "reference_id": "RHSA-2025:7493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7493" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3030" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8san-ze3j-dqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62925?format=api", "vulnerability_id": "VCID-93au-w2zh-3yhg", "summary": "Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24335", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26517", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395766", "reference_id": "2395766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395766" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74", "reference_id": "mfsa2025-74", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-74/", "reference_id": "mfsa2025-74", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788", "reference_id": "show_bug.cgi?id=1980788", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10533" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93au-w2zh-3yhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48300?format=api", "vulnerability_id": "VCID-95vw-esba-23a2", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1937.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1937.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43897", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43889", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48979", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49193", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349795", "reference_id": "2349795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349795" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716", "reference_id": "buglist.cgi?bug_id=1938471%2C1940716", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2899", "reference_id": "RHSA-2025:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2900", "reference_id": "RHSA-2025:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2957", "reference_id": "RHSA-2025:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2958", "reference_id": "RHSA-2025:2958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2959", "reference_id": "RHSA-2025:2959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2960", "reference_id": "RHSA-2025:2960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3009", "reference_id": "RHSA-2025:3009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3013", "reference_id": "RHSA-2025:3013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3036", "reference_id": "RHSA-2025:3036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3036" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1937" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95vw-esba-23a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63011?format=api", "vulnerability_id": "VCID-962a-dwqf-3ycg", "summary": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09765", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14709", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23525", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414083", "reference_id": "2414083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414083" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130", "reference_id": "show_bug.cgi?id=1992130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13016" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-962a-dwqf-3ycg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56158?format=api", "vulnerability_id": "VCID-98mt-7srw-qfh4", "summary": "A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50744", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50764", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50707", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50756", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689", "reference_id": "1106689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749", "reference_id": "2368749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749" }, { "reference_url": "https://issues.chromium.org/issues/419467315", "reference_id": "419467315", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://issues.chromium.org/issues/419467315" }, { "reference_url": "https://security.gentoo.org/glsa/202509-07", "reference_id": "GLSA-202509-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9118", "reference_id": "RHSA-2025:9118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9119", "reference_id": "RHSA-2025:9119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9120", "reference_id": "RHSA-2025:9120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9122", "reference_id": "RHSA-2025:9122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9123", "reference_id": "RHSA-2025:9123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9124", "reference_id": "RHSA-2025:9124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9125", "reference_id": "RHSA-2025:9125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9126", "reference_id": "RHSA-2025:9126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9127", "reference_id": "RHSA-2025:9127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9128", "reference_id": "RHSA-2025:9128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9331", "reference_id": "RHSA-2025:9331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9331" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://usn.ubuntu.com/7551-1/", "reference_id": "USN-7551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7551-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5283" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98mt-7srw-qfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62945?format=api", "vulnerability_id": "VCID-9rm3-u7dy-zuhu", "summary": "Same-origin policy bypass in the Graphics: Canvas2D component.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08978", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08829", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08854", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08975", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09013", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08981", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08973", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08922", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389581", "reference_id": "2389581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389581" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-65/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-66/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-70/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-71/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-72/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14416", "reference_id": "RHSA-2025:14416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14417", "reference_id": "RHSA-2025:14417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14442", "reference_id": "RHSA-2025:14442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14640", "reference_id": "RHSA-2025:14640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14743", "reference_id": "RHSA-2025:14743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14844", "reference_id": "RHSA-2025:14844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15418", "reference_id": "RHSA-2025:15418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15419", "reference_id": "RHSA-2025:15419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15420", "reference_id": "RHSA-2025:15420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15421", "reference_id": "RHSA-2025:15421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15422", "reference_id": "RHSA-2025:15422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15423", "reference_id": "RHSA-2025:15423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15424", "reference_id": "RHSA-2025:15424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15430", "reference_id": "RHSA-2025:15430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15434", "reference_id": "RHSA-2025:15434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15435", "reference_id": "RHSA-2025:15435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15436", "reference_id": "RHSA-2025:15436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15437", "reference_id": "RHSA-2025:15437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15438", "reference_id": "RHSA-2025:15438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15496", "reference_id": "RHSA-2025:15496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15535", "reference_id": "RHSA-2025:15535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15535" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782", "reference_id": "show_bug.cgi?id=1979782", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:05:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-9180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rm3-u7dy-zuhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62955?format=api", "vulnerability_id": "VCID-a8vw-n16x-duee", "summary": "Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5264.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33056", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33014", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32998", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33039", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33077", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5264" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5264", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5264" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368751", "reference_id": "2368751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368751" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-43/", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-43/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001", "reference_id": "show_bug.cgi?id=1950001", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5264" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8vw-n16x-duee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36145?format=api", "vulnerability_id": "VCID-aemu-emvp-hkfh", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61936", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61931", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61832", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61883", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61834", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61862", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.6192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61899", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322444", "reference_id": "2322444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322444" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:40:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:40:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:40:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:40:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912537", "reference_id": "show_bug.cgi?id=1912537", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:40:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912537" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10460" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aemu-emvp-hkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63022?format=api", "vulnerability_id": "VCID-as4y-nhw6-akfx", "summary": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63068", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63011", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63046", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63061", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63024", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362904", "reference_id": "2362904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362904" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4443", "reference_id": "RHSA-2025:4443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4458", "reference_id": "RHSA-2025:4458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4460", "reference_id": "RHSA-2025:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4751", "reference_id": "RHSA-2025:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4751" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4752", "reference_id": "RHSA-2025:4752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4753", "reference_id": "RHSA-2025:4753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4756", "reference_id": "RHSA-2025:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4797", "reference_id": "RHSA-2025:4797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7428", "reference_id": "RHSA-2025:7428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7506", "reference_id": "RHSA-2025:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7543", "reference_id": "RHSA-2025:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7544", "reference_id": "RHSA-2025:7544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7545", "reference_id": "RHSA-2025:7545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7547", "reference_id": "RHSA-2025:7547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7689", "reference_id": "RHSA-2025:7689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7690", "reference_id": "RHSA-2025:7690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7691", "reference_id": "RHSA-2025:7691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7692", "reference_id": "RHSA-2025:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7693", "reference_id": "RHSA-2025:7693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7694", "reference_id": "RHSA-2025:7694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7695", "reference_id": "RHSA-2025:7695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7695" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465", "reference_id": "show_bug.cgi?id=1952465", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4087" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as4y-nhw6-akfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63008?format=api", "vulnerability_id": "VCID-b3rg-quvp-2uha", "summary": "A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61101", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61118", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61052", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61089", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61102", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61081", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61065", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61023", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61111", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61069", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362907", "reference_id": "2362907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362907" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-30", "reference_id": "mfsa2025-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-30/", "reference_id": "mfsa2025-30", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4443", "reference_id": "RHSA-2025:4443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4458", "reference_id": "RHSA-2025:4458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4460", "reference_id": "RHSA-2025:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4751", "reference_id": "RHSA-2025:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4751" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4752", "reference_id": "RHSA-2025:4752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4753", "reference_id": "RHSA-2025:4753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4756", "reference_id": "RHSA-2025:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4797", "reference_id": "RHSA-2025:4797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7428", "reference_id": "RHSA-2025:7428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7506", "reference_id": "RHSA-2025:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7543", "reference_id": "RHSA-2025:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7544", "reference_id": "RHSA-2025:7544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7545", "reference_id": "RHSA-2025:7545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7547", "reference_id": "RHSA-2025:7547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7689", "reference_id": "RHSA-2025:7689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7690", "reference_id": "RHSA-2025:7690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7691", "reference_id": "RHSA-2025:7691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7692", "reference_id": "RHSA-2025:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7693", "reference_id": "RHSA-2025:7693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7694", "reference_id": "RHSA-2025:7694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7695", "reference_id": "RHSA-2025:7695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7695" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350", "reference_id": "show_bug.cgi?id=1958350", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4083" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3rg-quvp-2uha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61340?format=api", "vulnerability_id": "VCID-b5t3-yqha-xyeq", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29894", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36776", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39931", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39984", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39952", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.4001", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351157", "reference_id": "2351157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351157" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:15:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:15:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864205", "reference_id": "show_bug.cgi?id=1864205", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:15:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864205" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-26696" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5t3-yqha-xyeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41988?format=api", "vulnerability_id": "VCID-bjny-apx2-8ba1", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32492", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3253", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32498", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3245", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32627", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37155", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39232", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948", "reference_id": "2328948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:43:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:43:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:43:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:43:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496", "reference_id": "show_bug.cgi?id=1925496", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:43:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjny-apx2-8ba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36144?format=api", "vulnerability_id": "VCID-bwk4-hqx8-97dy", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72276", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72289", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72237", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72267", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72232", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322429", "reference_id": "2322429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322429" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-57/", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1919087", "reference_id": "show_bug.cgi?id=1919087", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1919087" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10459" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwk4-hqx8-97dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62910?format=api", "vulnerability_id": "VCID-bzgb-mdsk-yua6", "summary": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69396", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74074", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7402", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74039", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73991", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73995", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343760", "reference_id": "2343760", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343760" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613", "reference_id": "show_bug.cgi?id=1936613", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1009" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzgb-mdsk-yua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62929?format=api", "vulnerability_id": "VCID-c6rx-p235-9bdz", "summary": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18758", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18753", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18619", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2103", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2104", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21018", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21091", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395759", "reference_id": "2395759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395759" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067", "reference_id": "buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10537" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rx-p235-9bdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62913?format=api", "vulnerability_id": "VCID-cypj-1jsu-cbh5", "summary": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54479", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54501", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54497", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54486", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.5444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.5448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54449", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343752", "reference_id": "2343752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343752" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994", "reference_id": "buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1016" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cypj-1jsu-cbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62994?format=api", "vulnerability_id": "VCID-db28-rbyf-1qf4", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16329", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16415", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22404", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22456", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420509", "reference_id": "2420509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420509" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018", "reference_id": "show_bug.cgi?id=1997018", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14329" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db28-rbyf-1qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62961?format=api", "vulnerability_id": "VCID-dcjm-7xcr-ayew", "summary": "Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5268.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5268.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63033", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63032", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5268" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368752", "reference_id": "2368752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368752" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634", "reference_id": "buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:56Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5268" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dcjm-7xcr-ayew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62928?format=api", "vulnerability_id": "VCID-ddwf-z514-hbbj", "summary": "Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04687", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04738", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05632", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05755", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05639", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395764", "reference_id": "2395764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395764" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502", "reference_id": "show_bug.cgi?id=1981502", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10536" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddwf-z514-hbbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63010?format=api", "vulnerability_id": "VCID-dgwm-n1zx-qkbq", "summary": "Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09604", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09632", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16207", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22362", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2223", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22148", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414086", "reference_id": "2414086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414086" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458", "reference_id": "show_bug.cgi?id=1991458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13012" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgwm-n1zx-qkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41989?format=api", "vulnerability_id": "VCID-dh5k-q87q-4qfs", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13713", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13799", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1378", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17549", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18978", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943", "reference_id": "2328943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "reference_id": "show_bug.cgi?id=1929600", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11696" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5k-q87q-4qfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63037?format=api", "vulnerability_id": "VCID-dp5j-4mzw-pqer", "summary": "Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62328", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62304", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62286", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62344", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62337", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62313", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6227", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362915", "reference_id": "2362915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362915" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4443", "reference_id": "RHSA-2025:4443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4458", "reference_id": "RHSA-2025:4458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4460", "reference_id": "RHSA-2025:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4751", "reference_id": "RHSA-2025:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4751" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4752", "reference_id": "RHSA-2025:4752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4753", "reference_id": "RHSA-2025:4753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4756", "reference_id": "RHSA-2025:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4797", "reference_id": "RHSA-2025:4797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7428", "reference_id": "RHSA-2025:7428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7506", "reference_id": "RHSA-2025:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7543", "reference_id": "RHSA-2025:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7544", "reference_id": "RHSA-2025:7544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7545", "reference_id": "RHSA-2025:7545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7547", "reference_id": "RHSA-2025:7547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7689", "reference_id": "RHSA-2025:7689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7690", "reference_id": "RHSA-2025:7690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7691", "reference_id": "RHSA-2025:7691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7692", "reference_id": "RHSA-2025:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7693", "reference_id": "RHSA-2025:7693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7694", "reference_id": "RHSA-2025:7694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7695", "reference_id": "RHSA-2025:7695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7695" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100", "reference_id": "show_bug.cgi?id=1894100", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4093" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5j-4mzw-pqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36149?format=api", "vulnerability_id": "VCID-ds2y-kn7q-vuct", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10464.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66945", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66963", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66949", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66941", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66927", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66879", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66906", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322424", "reference_id": "2322424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322424" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:48:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:48:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:48:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:48:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913000", "reference_id": "show_bug.cgi?id=1913000", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:48:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913000" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10464" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ds2y-kn7q-vuct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63016?format=api", "vulnerability_id": "VCID-e7jk-vs8y-fyhr", "summary": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10935", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23525", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414085", "reference_id": "2414085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414085" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686", "reference_id": "show_bug.cgi?id=1995686", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7jk-vs8y-fyhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42001?format=api", "vulnerability_id": "VCID-f1zm-g4es-vfbz", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08687", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08534", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336170", "reference_id": "2336170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336170" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:33:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:33:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:33:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:33:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156", "reference_id": "show_bug.cgi?id=1929156", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:33:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0239" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1zm-g4es-vfbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62944?format=api", "vulnerability_id": "VCID-f2tn-1hq4-uffa", "summary": "An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9179.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30601", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30619", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30638", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30683", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30587", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30679", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30724", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389580", "reference_id": "2389580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389580" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-65/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-66/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-70/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-71/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-72/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14416", "reference_id": "RHSA-2025:14416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14417", "reference_id": "RHSA-2025:14417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14442", "reference_id": "RHSA-2025:14442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14640", "reference_id": "RHSA-2025:14640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14743", "reference_id": "RHSA-2025:14743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14844", "reference_id": "RHSA-2025:14844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15418", "reference_id": "RHSA-2025:15418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15419", "reference_id": "RHSA-2025:15419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15420", "reference_id": "RHSA-2025:15420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15421", "reference_id": "RHSA-2025:15421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15422", "reference_id": "RHSA-2025:15422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15423", "reference_id": "RHSA-2025:15423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15424", "reference_id": "RHSA-2025:15424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15430", "reference_id": "RHSA-2025:15430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15434", "reference_id": "RHSA-2025:15434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15435", "reference_id": "RHSA-2025:15435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15436", "reference_id": "RHSA-2025:15436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15437", "reference_id": "RHSA-2025:15437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15438", "reference_id": "RHSA-2025:15438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15496", "reference_id": "RHSA-2025:15496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15535", "reference_id": "RHSA-2025:15535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15535" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527", "reference_id": "show_bug.cgi?id=1979527", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-20T14:06:11Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-9179" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2tn-1hq4-uffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62935?format=api", "vulnerability_id": "VCID-f5w8-j656-akf4", "summary": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54039", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5395", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54013", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54031", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54049", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53975", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54057", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54053", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53948", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343748", "reference_id": "2343748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343748" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471", "reference_id": "buglist.cgi?bug_id=1926256%2C1935984%2C1935471", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1017" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5w8-j656-akf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62973?format=api", "vulnerability_id": "VCID-ffd7-y29n-6fan", "summary": "XSLT document loading did not correctly propagate the source document which bypassed its CSP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8032.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15213", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15145", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2226", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2236", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22265", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23988", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382718", "reference_id": "2382718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382718" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407", "reference_id": "show_bug.cgi?id=1974407", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T13:55:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8032" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffd7-y29n-6fan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48306?format=api", "vulnerability_id": "VCID-g3n8-mvdt-cqdj", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3029.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3029.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70968", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70889", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70946", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70923", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70908", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70961", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70915", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70931", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3029" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356556", "reference_id": "2356556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356556" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-20/", "reference_id": "mfsa2025-20", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:38:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-22/", "reference_id": "mfsa2025-22", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:38:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-23/", "reference_id": "mfsa2025-23", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:38:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-24/", "reference_id": "mfsa2025-24", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:38:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3556", "reference_id": "RHSA-2025:3556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3581", "reference_id": "RHSA-2025:3581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3582", "reference_id": "RHSA-2025:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3587", "reference_id": "RHSA-2025:3587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3589", "reference_id": "RHSA-2025:3589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3590", "reference_id": "RHSA-2025:3590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3620", "reference_id": "RHSA-2025:3620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3621", "reference_id": "RHSA-2025:3621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3621" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3623", "reference_id": "RHSA-2025:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3628", "reference_id": "RHSA-2025:3628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4026", "reference_id": "RHSA-2025:4026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4027", "reference_id": "RHSA-2025:4027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4028", "reference_id": "RHSA-2025:4028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4029", "reference_id": "RHSA-2025:4029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4030", "reference_id": "RHSA-2025:4030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4031", "reference_id": "RHSA-2025:4031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4032", "reference_id": "RHSA-2025:4032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4169", "reference_id": "RHSA-2025:4169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4170", "reference_id": "RHSA-2025:4170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7491", "reference_id": "RHSA-2025:7491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7493", "reference_id": "RHSA-2025:7493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7493" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952213", "reference_id": "show_bug.cgi?id=1952213", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:38:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952213" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3029" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3n8-mvdt-cqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63004?format=api", "vulnerability_id": "VCID-g5yf-hp8r-rkcs", "summary": "A crafted HTML email using mailbox:/// links can trigger automatic,\nunsolicited downloads of .pdf files to the user's desktop or home\ndirectory without prompting, even if auto-saving is disabled. This\nbehavior can be abused to fill the disk with garbage data (e.g. using\n/dev/urandom on Linux) or to leak Windows credentials via SMB links\nwhen the email is viewed in HTML mode. While user interaction is\nrequired to download the .pdf file, visual obfuscation can conceal\nthe download trigger. Viewing the email in HTML mode is enough to\nload external content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5986.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37057", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69002", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68973", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69022", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69012", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68971", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69001", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5986", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5986" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372281", "reference_id": "2372281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372281" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012", "reference_id": "buglist.cgi?bug_id=1958580%2C1968012", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-49", "reference_id": "mfsa2025-49", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-49" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-49/", "reference_id": "mfsa2025-49", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-49/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-50", "reference_id": "mfsa2025-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-50/", "reference_id": "mfsa2025-50", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-50/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10159", "reference_id": "RHSA-2025:10159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10160", "reference_id": "RHSA-2025:10160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10161", "reference_id": "RHSA-2025:10161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10163", "reference_id": "RHSA-2025:10163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10164", "reference_id": "RHSA-2025:10164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10165", "reference_id": "RHSA-2025:10165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10166", "reference_id": "RHSA-2025:10166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10195", "reference_id": "RHSA-2025:10195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10196", "reference_id": "RHSA-2025:10196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10246", "reference_id": "RHSA-2025:10246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10246" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5986" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5yf-hp8r-rkcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63026?format=api", "vulnerability_id": "VCID-gph4-xa9p-73fr", "summary": "Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63033", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62996", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362912", "reference_id": "2362912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362912" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105", "reference_id": "buglist.cgi?bug_id=1951161%2C1952105", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "reference_id": "mfsa2025-28", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-29/", "reference_id": "mfsa2025-29", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "reference_id": "mfsa2025-31", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-32/", "reference_id": "mfsa2025-32", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4443", "reference_id": "RHSA-2025:4443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4458", "reference_id": "RHSA-2025:4458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4460", "reference_id": "RHSA-2025:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4751", "reference_id": "RHSA-2025:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4751" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4752", "reference_id": "RHSA-2025:4752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4753", "reference_id": "RHSA-2025:4753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4756", "reference_id": "RHSA-2025:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4797", "reference_id": "RHSA-2025:4797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7428", "reference_id": "RHSA-2025:7428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7506", "reference_id": "RHSA-2025:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7543", "reference_id": "RHSA-2025:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7544", "reference_id": "RHSA-2025:7544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7545", "reference_id": "RHSA-2025:7545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7547", "reference_id": "RHSA-2025:7547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7689", "reference_id": "RHSA-2025:7689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7690", "reference_id": "RHSA-2025:7690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7691", "reference_id": "RHSA-2025:7691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7692", "reference_id": "RHSA-2025:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7693", "reference_id": "RHSA-2025:7693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7694", "reference_id": "RHSA-2025:7694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7695", "reference_id": "RHSA-2025:7695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7695" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-4091" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gph4-xa9p-73fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41986?format=api", "vulnerability_id": "VCID-grjt-j4at-pqbp", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23632", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25042", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24953", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24961", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24948", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25002", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946", "reference_id": "2328946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328946" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535", "reference_id": "show_bug.cgi?id=1909535", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11692" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grjt-j4at-pqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62988?format=api", "vulnerability_id": "VCID-h9em-p9se-rucn", "summary": "Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2481", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24883", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420503", "reference_id": "2420503", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420503" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992760", "reference_id": "show_bug.cgi?id=1992760", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992760" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14321" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9em-p9se-rucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62989?format=api", "vulnerability_id": "VCID-hccf-ueut-vugw", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1455", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19482", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19575", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19502", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19491", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420506", "reference_id": "2420506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420506" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473", "reference_id": "show_bug.cgi?id=1996473", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14322" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hccf-ueut-vugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62946?format=api", "vulnerability_id": "VCID-hfp7-jaxc-2khq", "summary": "Uninitialized memory in the JavaScript Engine component.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19237", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19332", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19528", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19376", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19246", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19481", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389583", "reference_id": "2389583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389583" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-66/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-70/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-71/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-72/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14416", "reference_id": "RHSA-2025:14416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14417", "reference_id": "RHSA-2025:14417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14442", "reference_id": "RHSA-2025:14442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14640", "reference_id": "RHSA-2025:14640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14743", "reference_id": "RHSA-2025:14743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14844", "reference_id": "RHSA-2025:14844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15418", "reference_id": "RHSA-2025:15418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15419", "reference_id": "RHSA-2025:15419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15420", "reference_id": "RHSA-2025:15420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15421", "reference_id": "RHSA-2025:15421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15422", "reference_id": "RHSA-2025:15422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15423", "reference_id": "RHSA-2025:15423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15424", "reference_id": "RHSA-2025:15424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15430", "reference_id": "RHSA-2025:15430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15434", "reference_id": "RHSA-2025:15434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15435", "reference_id": "RHSA-2025:15435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15436", "reference_id": "RHSA-2025:15436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15437", "reference_id": "RHSA-2025:15437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15438", "reference_id": "RHSA-2025:15438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15496", "reference_id": "RHSA-2025:15496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15535", "reference_id": "RHSA-2025:15535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15535" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130", "reference_id": "show_bug.cgi?id=1977130", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:05:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-9181" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfp7-jaxc-2khq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36151?format=api", "vulnerability_id": "VCID-hfx8-7x82-zqfk", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10466.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71341", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71306", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7129", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7131", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71327", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71319", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322438", "reference_id": "2322438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322438" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:30:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:30:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:30:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:30:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924154", "reference_id": "show_bug.cgi?id=1924154", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:30:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924154" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10466" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx8-7x82-zqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62933?format=api", "vulnerability_id": "VCID-hm7h-1na5-7bbx", "summary": "The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1015.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24238", "scoring_system": "epss", "scoring_elements": "0.96105", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.9618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96166", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96156", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.962", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96195", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.25193", "scoring_system": "epss", "scoring_elements": "0.96163", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1015" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343759", "reference_id": "2343759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343759" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:07:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:07:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939458", "reference_id": "show_bug.cgi?id=1939458", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:07:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939458" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1015" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm7h-1na5-7bbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42000?format=api", "vulnerability_id": "VCID-j5k8-ztxb-uffb", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0238.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30485", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32042", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32112", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32078", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32027", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32165", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32053", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336165", "reference_id": "2336165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336165" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03", "reference_id": "mfsa2025-03", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "reference_id": "mfsa2025-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535", "reference_id": "show_bug.cgi?id=1915535", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:24:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0238" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5k8-ztxb-uffb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62915?format=api", "vulnerability_id": "VCID-j6w1-yhc3-uqfw", "summary": "An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2857", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28524", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28483", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.299", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29946", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29847", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6145", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374562", "reference_id": "2374562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374562" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-52", "reference_id": "mfsa2025-52", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-52" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-52/", "reference_id": "mfsa2025-52", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-52/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10072", "reference_id": "RHSA-2025:10072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10073", "reference_id": "RHSA-2025:10073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10074", "reference_id": "RHSA-2025:10074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10159", "reference_id": "RHSA-2025:10159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10160", "reference_id": "RHSA-2025:10160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10161", "reference_id": "RHSA-2025:10161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10163", "reference_id": "RHSA-2025:10163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10164", "reference_id": "RHSA-2025:10164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10165", "reference_id": "RHSA-2025:10165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10166", "reference_id": "RHSA-2025:10166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10181", "reference_id": "RHSA-2025:10181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10182", "reference_id": "RHSA-2025:10182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10183", "reference_id": "RHSA-2025:10183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10184", "reference_id": "RHSA-2025:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10185", "reference_id": "RHSA-2025:10185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10186", "reference_id": "RHSA-2025:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10187", "reference_id": "RHSA-2025:10187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10188", "reference_id": "RHSA-2025:10188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10195", "reference_id": "RHSA-2025:10195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10196", "reference_id": "RHSA-2025:10196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10246", "reference_id": "RHSA-2025:10246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10246" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672", "reference_id": "show_bug.cgi?id=1717672", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-6425" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6w1-yhc3-uqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62970?format=api", "vulnerability_id": "VCID-jm7w-hqzq-tqde", "summary": "Thunderbird executed javascript: URLs when used in object and embed tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8029.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8029.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12795", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19614", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19563", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19528", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19666", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21483", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21452", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382720", "reference_id": "2382720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382720" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021", "reference_id": "show_bug.cgi?id=1928021", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:29:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8029" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7w-hqzq-tqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62937?format=api", "vulnerability_id": "VCID-jyns-kqp9-4ygh", "summary": "By crafting a malformed file name for an attachment in a multipart\nmessage, an attacker can trick Thunderbird into including a\ndirectory listing of /tmp when the message is forwarded or edited\nas a new message. This vulnerability could allow attackers to\ndisclose sensitive information from the victim's system. This\nvulnerability is not limited to Linux; similar behavior has been\nobserved on Windows as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45075", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4509", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45112", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45094", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359789", "reference_id": "2359789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359789" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379", "reference_id": "show_bug.cgi?id=1956379", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-2830" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyns-kqp9-4ygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63019?format=api", "vulnerability_id": "VCID-kdwy-7p45-hbcs", "summary": "Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11327", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13252", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1334", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13908", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27955", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28159", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414090", "reference_id": "2414090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414090" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164", "reference_id": "show_bug.cgi?id=1994164", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13015" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwy-7p45-hbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63040?format=api", "vulnerability_id": "VCID-kkgh-a9hg-fud8", "summary": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.268", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403768", "reference_id": "2403768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403768" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899", "reference_id": "show_bug.cgi?id=1989899", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11710" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkgh-a9hg-fud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62911?format=api", "vulnerability_id": "VCID-m93r-91y4-xyaz", "summary": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52864", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57036", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57032", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57051", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57038", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57007", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57031", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56989", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343750", "reference_id": "2343750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343750" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982", "reference_id": "show_bug.cgi?id=1936982", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1010" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m93r-91y4-xyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62918?format=api", "vulnerability_id": "VCID-mrb2-hz9y-4ufp", "summary": "When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6430.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6430.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26348", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27946", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374555", "reference_id": "2374555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374555" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10072", "reference_id": "RHSA-2025:10072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10073", "reference_id": "RHSA-2025:10073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10074", "reference_id": "RHSA-2025:10074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10159", "reference_id": "RHSA-2025:10159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10160", "reference_id": "RHSA-2025:10160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10161", "reference_id": "RHSA-2025:10161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10163", "reference_id": "RHSA-2025:10163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10164", "reference_id": "RHSA-2025:10164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10165", "reference_id": "RHSA-2025:10165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10166", "reference_id": "RHSA-2025:10166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10181", "reference_id": "RHSA-2025:10181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10182", "reference_id": "RHSA-2025:10182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10183", "reference_id": "RHSA-2025:10183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10184", "reference_id": "RHSA-2025:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10185", "reference_id": "RHSA-2025:10185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10186", "reference_id": "RHSA-2025:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10187", "reference_id": "RHSA-2025:10187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10188", "reference_id": "RHSA-2025:10188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10195", "reference_id": "RHSA-2025:10195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10196", "reference_id": "RHSA-2025:10196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10246", "reference_id": "RHSA-2025:10246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10246" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140", "reference_id": "show_bug.cgi?id=1971140", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-6430" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mrb2-hz9y-4ufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62932?format=api", "vulnerability_id": "VCID-ms9h-982a-pkdu", "summary": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1014.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43756", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43798", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43744", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43823", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43831", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4377", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343764", "reference_id": "2343764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343764" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940804", "reference_id": "show_bug.cgi?id=1940804", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940804" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1014" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms9h-982a-pkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36150?format=api", "vulnerability_id": "VCID-mw96-qtnz-gqdx", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66065", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66077", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65994", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6604", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66052", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322434", "reference_id": "2322434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322434" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:41:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:41:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:41:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:41:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918853", "reference_id": "show_bug.cgi?id=1918853", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:41:01Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918853" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10465" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mw96-qtnz-gqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62954?format=api", "vulnerability_id": "VCID-n2hq-1ck4-ayhp", "summary": "Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5263.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5263.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39968", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40075", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40003", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.4007", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40082", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40081", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5263" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5263", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5263" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368756", "reference_id": "2368756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-43/", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-43/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745", "reference_id": "show_bug.cgi?id=1960745", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:20:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5263" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2hq-1ck4-ayhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62985?format=api", "vulnerability_id": "VCID-n3rs-11fq-wqc4", "summary": "Thunderbird parses addresses in a way that can allow sender\nspoofing in case the server allows an invalid From address to be\nused. For example, if the From header contains an (invalid) value\n\"Spoofed Name \",\nThunderbird treats spoofed@example.com as the actual address.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59184", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59204", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59152", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366287", "reference_id": "2366287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366287" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-34/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-35/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8196", "reference_id": "RHSA-2025:8196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8203", "reference_id": "RHSA-2025:8203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8324", "reference_id": "RHSA-2025:8324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8325", "reference_id": "RHSA-2025:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8326", "reference_id": "RHSA-2025:8326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8391", "reference_id": "RHSA-2025:8391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8507", "reference_id": "RHSA-2025:8507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8594", "reference_id": "RHSA-2025:8594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8784", "reference_id": "RHSA-2025:8784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8784" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950629", "reference_id": "show_bug.cgi?id=1950629", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950629" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3875" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3rs-11fq-wqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36143?format=api", "vulnerability_id": "VCID-n4hu-b1t6-xkay", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.6392", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.6391", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63921", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63841", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63891", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322428", "reference_id": "2322428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322428" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-57/", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1921733", "reference_id": "show_bug.cgi?id=1921733", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:43:41Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1921733" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10458" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4hu-b1t6-xkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62938?format=api", "vulnerability_id": "VCID-n9jq-77ud-v7c9", "summary": "When an email contains multiple attachments with external links\nvia the X-Mozilla-External-Attachment-URL header, only the last\nlink is shown when hovering over any attachment. Although the\ncorrect link is used on click, the misleading hover text could\ntrick users into downloading content from untrusted sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47696", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47634", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47664", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47743", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47685", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359786", "reference_id": "2359786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359786" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385", "reference_id": "show_bug.cgi?id=1958385", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3523" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9jq-77ud-v7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62995?format=api", "vulnerability_id": "VCID-pcgf-xtfq-6ugb", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21318", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2542", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25377", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25409", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25471", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25514", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420516", "reference_id": "2420516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420516" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997503", "reference_id": "show_bug.cgi?id=1997503", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997503" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14330" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcgf-xtfq-6ugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48301?format=api", "vulnerability_id": "VCID-pcrz-f3nj-kybr", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54274", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54773", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1938" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349793", "reference_id": "2349793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349793" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111", "reference_id": "buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:08Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2899", "reference_id": "RHSA-2025:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2900", "reference_id": "RHSA-2025:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2957", "reference_id": "RHSA-2025:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2958", "reference_id": "RHSA-2025:2958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2959", "reference_id": "RHSA-2025:2959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2960", "reference_id": "RHSA-2025:2960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3009", "reference_id": "RHSA-2025:3009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3013", "reference_id": "RHSA-2025:3013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3036", "reference_id": "RHSA-2025:3036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3036" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1938" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcrz-f3nj-kybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62931?format=api", "vulnerability_id": "VCID-pj4h-ff45-e3ez", "summary": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4822", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48207", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48232", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48208", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48264", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4827", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48218", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343754", "reference_id": "2343754", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343754" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555", "reference_id": "show_bug.cgi?id=1932555", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1013" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4h-ff45-e3ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62986?format=api", "vulnerability_id": "VCID-pneu-6c1f-zkfa", "summary": "Thunderbird's handling of the X-Mozilla-External-Attachment-URL header\ncan be exploited to execute JavaScript in the file:/// context. By crafting a\nnested email attachment (message/rfc822) and setting its content type to\napplication/pdf, Thunderbird may incorrectly render it as HTML when\nopened, allowing the embedded JavaScript to run without requiring a file\ndownload. This behavior relies on Thunderbird auto-saving the attachment\nto /tmp and linking to it via the file:/// protocol, potentially enabling\nJavaScript execution as part of the HTML.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62078", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62115", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62104", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62083", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62127", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62058", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366283", "reference_id": "2366283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366283" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-34/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-35/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8196", "reference_id": "RHSA-2025:8196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8203", "reference_id": "RHSA-2025:8203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8324", "reference_id": "RHSA-2025:8324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8325", "reference_id": "RHSA-2025:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8326", "reference_id": "RHSA-2025:8326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8391", "reference_id": "RHSA-2025:8391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8507", "reference_id": "RHSA-2025:8507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8594", "reference_id": "RHSA-2025:8594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8784", "reference_id": "RHSA-2025:8784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8784" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958376", "reference_id": "show_bug.cgi?id=1958376", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958376" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pneu-6c1f-zkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62968?format=api", "vulnerability_id": "VCID-psc3-4ssv-wyb5", "summary": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8027.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8027.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2961", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29578", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29653", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31574", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31606", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382707", "reference_id": "2382707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382707" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423", "reference_id": "show_bug.cgi?id=1968423", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:42:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8027" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psc3-4ssv-wyb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62975?format=api", "vulnerability_id": "VCID-q9f4-zumy-wbfy", "summary": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3145", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3149", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31536", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31502", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33505", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3347", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382711", "reference_id": "2382711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382711" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970422", "reference_id": "show_bug.cgi?id=1970422", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:30Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970422" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8034" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9f4-zumy-wbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63039?format=api", "vulnerability_id": "VCID-qeh2-jn2v-9ug7", "summary": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.268", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26896", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403765", "reference_id": "2403765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403765" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127", "reference_id": "show_bug.cgi?id=1989127", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11709" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh2-jn2v-9ug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63017?format=api", "vulnerability_id": "VCID-qgvy-hzsx-hkge", "summary": "Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13292", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13254", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13848", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26456", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.265", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414080", "reference_id": "2414080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414080" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241", "reference_id": "show_bug.cgi?id=1994241", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13014" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgvy-hzsx-hkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42003?format=api", "vulnerability_id": "VCID-qtcm-9z3v-dydn", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0241.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22491", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22472", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22417", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22335", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22361", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22411", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22396", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336168", "reference_id": "2336168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336168" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T17:27:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T17:27:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T17:27:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T17:27:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023", "reference_id": "show_bug.cgi?id=1933023", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T17:27:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0241" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtcm-9z3v-dydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61339?format=api", "vulnerability_id": "VCID-qw3q-xg7s-wbd7", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12534", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12479", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12398", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15469", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351146", "reference_id": "2351146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351146" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T18:51:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T18:51:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883039", "reference_id": "show_bug.cgi?id=1883039", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T18:51:16Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883039" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-26695" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw3q-xg7s-wbd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62974?format=api", "vulnerability_id": "VCID-qz95-5z9e-7qb7", "summary": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23334", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23291", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30257", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30291", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30296", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32303", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382717", "reference_id": "2382717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382717" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-57/", "reference_id": "mfsa2025-57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990", "reference_id": "show_bug.cgi?id=1973990", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T13:36:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8033" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qz95-5z9e-7qb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62914?format=api", "vulnerability_id": "VCID-r29z-4m4j-8kft", "summary": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51545", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53825", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53833", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53829", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53792", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01103", "scoring_system": "epss", "scoring_elements": "0.78099", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374559", "reference_id": "2374559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374559" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-52", "reference_id": "mfsa2025-52", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-52" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-52/", "reference_id": "mfsa2025-52", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-52/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10072", "reference_id": "RHSA-2025:10072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10073", "reference_id": "RHSA-2025:10073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10074", "reference_id": "RHSA-2025:10074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10159", "reference_id": "RHSA-2025:10159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10160", "reference_id": "RHSA-2025:10160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10161", "reference_id": "RHSA-2025:10161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10163", "reference_id": "RHSA-2025:10163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10164", "reference_id": "RHSA-2025:10164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10165", "reference_id": "RHSA-2025:10165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10166", "reference_id": "RHSA-2025:10166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10181", "reference_id": "RHSA-2025:10181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10182", "reference_id": "RHSA-2025:10182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10183", "reference_id": "RHSA-2025:10183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10184", "reference_id": "RHSA-2025:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10185", "reference_id": "RHSA-2025:10185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10186", "reference_id": "RHSA-2025:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10187", "reference_id": "RHSA-2025:10187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10188", "reference_id": "RHSA-2025:10188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10195", "reference_id": "RHSA-2025:10195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10196", "reference_id": "RHSA-2025:10196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10246", "reference_id": "RHSA-2025:10246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10246" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423", "reference_id": "show_bug.cgi?id=1966423", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-6424" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r29z-4m4j-8kft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41999?format=api", "vulnerability_id": "VCID-r7ss-g876-c7fg", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28036", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.31026", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30848", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30893", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30935", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30903", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30845", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30859", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30879", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336182", "reference_id": "2336182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336182" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T15:57:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T15:57:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T15:57:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T15:57:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257", "reference_id": "show_bug.cgi?id=1915257", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T15:57:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0237" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ss-g876-c7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36148?format=api", "vulnerability_id": "VCID-rcg4-7hjg-v7du", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10463.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64514", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64522", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64476", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64436", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64447", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64504", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64501", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64484", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322439", "reference_id": "2322439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322439" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-57" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-57/", "reference_id": "mfsa2024-57", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-57/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920800", "reference_id": "show_bug.cgi?id=1920800", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:52:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920800" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10463" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcg4-7hjg-v7du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62936?format=api", "vulnerability_id": "VCID-rfve-tkv7-13dv", "summary": "Thunderbird processes the X-Mozilla-External-Attachment-URL header\nto handle attachments which can be hosted externally. When an\nemail is opened, Thunderbird accesses the specified URL to \ndetermine file size, and navigates to it when the user clicks the\nattachment. Because the URL is not validated or sanitized, it can\nreference internal resources like chrome:// or SMB share file:// links,\npotentially leading to hashed Windows credential leakage and opening the\ndoor to more serious security issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45824", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45846", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793", "reference_id": "2359793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372", "reference_id": "show_bug.cgi?id=1955372", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3522" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62919?format=api", "vulnerability_id": "VCID-rg63-avu7-2bdc", "summary": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16282", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16221", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16209", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16227", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16078", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18472", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18429", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18523", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395745", "reference_id": "2395745", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395745" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825", "reference_id": "show_bug.cgi?id=1984825", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10527" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg63-avu7-2bdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62960?format=api", "vulnerability_id": "VCID-rkj9-dd18-xka9", "summary": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57655", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57651", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57647", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57666", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368750", "reference_id": "2368750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368750" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-42/", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-45/", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137", "reference_id": "show_bug.cgi?id=1954137", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:44:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5267" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkj9-dd18-xka9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62924?format=api", "vulnerability_id": "VCID-ruc1-kmaz-fkbb", "summary": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17768", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20052", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20054", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20125", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395754", "reference_id": "2395754", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395754" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502", "reference_id": "show_bug.cgi?id=1979502", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-10532" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruc1-kmaz-fkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62917?format=api", "vulnerability_id": "VCID-s89g-7f5f-5qd2", "summary": "Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29245", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29383", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2935", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29432", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30853", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30771", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30764", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62651", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374561", "reference_id": "2374561", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374561" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "reference_id": "mfsa2025-51", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-53/", "reference_id": "mfsa2025-53", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-54" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "reference_id": "mfsa2025-54", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-55/", "reference_id": "mfsa2025-55", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10072", "reference_id": "RHSA-2025:10072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10073", "reference_id": "RHSA-2025:10073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10074", "reference_id": "RHSA-2025:10074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10159", "reference_id": "RHSA-2025:10159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10160", "reference_id": "RHSA-2025:10160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10161", "reference_id": "RHSA-2025:10161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10163", "reference_id": "RHSA-2025:10163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10164", "reference_id": "RHSA-2025:10164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10165", "reference_id": "RHSA-2025:10165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10166", "reference_id": "RHSA-2025:10166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10181", "reference_id": "RHSA-2025:10181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10182", "reference_id": "RHSA-2025:10182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10183", "reference_id": "RHSA-2025:10183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10184", "reference_id": "RHSA-2025:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10185", "reference_id": "RHSA-2025:10185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10186", "reference_id": "RHSA-2025:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10187", "reference_id": "RHSA-2025:10187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10188", "reference_id": "RHSA-2025:10188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10195", "reference_id": "RHSA-2025:10195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10196", "reference_id": "RHSA-2025:10196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10246", "reference_id": "RHSA-2025:10246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10246" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970658", "reference_id": "show_bug.cgi?id=1970658", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970658" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-6429" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s89g-7f5f-5qd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36146?format=api", "vulnerability_id": "VCID-sg2y-gfue-6qam", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10461.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76335", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.7635", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76248", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76291", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76259", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76331", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76305", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322425", "reference_id": "2322425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322425" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:04:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:04:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:04:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:04:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914521", "reference_id": "show_bug.cgi?id=1914521", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T14:04:49Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914521" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10461" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg2y-gfue-6qam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62934?format=api", "vulnerability_id": "VCID-svy5-paub-2bhr", "summary": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0510.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59221", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59254", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59206", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.5917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59181", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59259", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59236", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.68743", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0510" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0510" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343762", "reference_id": "2343762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343762" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:01:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:01:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570", "reference_id": "show_bug.cgi?id=1940570", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:01:31Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0510" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svy5-paub-2bhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63044?format=api", "vulnerability_id": "VCID-t9cw-yjar-ckfd", "summary": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1205", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11931", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11934", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12141", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12093", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12122", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403770", "reference_id": "2403770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403770" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536", "reference_id": "show_bug.cgi?id=1979536", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11712" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9cw-yjar-ckfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42002?format=api", "vulnerability_id": "VCID-tgpf-32kg-rqc2", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0240.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0240.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14868", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14941", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1492", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14714", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14706", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336188", "reference_id": "2336188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336188" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:36:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:36:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:36:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:36:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623", "reference_id": "show_bug.cgi?id=1929623", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T16:36:55Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0240" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpf-32kg-rqc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63041?format=api", "vulnerability_id": "VCID-tgsj-hp8b-27f9", "summary": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08172", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08015", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0803", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08146", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08169", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403776", "reference_id": "2403776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403776" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978", "reference_id": "show_bug.cgi?id=1989978", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-11711" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgsj-hp8b-27f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62996?format=api", "vulnerability_id": "VCID-tkzd-c11q-3qaf", "summary": "Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13545", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420512", "reference_id": "2420512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420512" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000218", "reference_id": "show_bug.cgi?id=2000218", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000218" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14331" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkzd-c11q-3qaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42005?format=api", "vulnerability_id": "VCID-ukf2-qcjg-u7bg", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0243.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0243.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08503", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08521", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08363", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08379", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336175", "reference_id": "2336175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336175" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783", "reference_id": "buglist.cgi?bug_id=1827142%2C1932783", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:44:56Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:44:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "reference_id": "mfsa2025-02", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:44:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", "reference_id": "mfsa2025-04", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:44:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", "reference_id": "mfsa2025-05", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-08T16:44:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0080", "reference_id": "RHSA-2025:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0132", "reference_id": "RHSA-2025:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0133", "reference_id": "RHSA-2025:0133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0134", "reference_id": "RHSA-2025:0134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0135", "reference_id": "RHSA-2025:0135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0136", "reference_id": "RHSA-2025:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0137", "reference_id": "RHSA-2025:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0138", "reference_id": "RHSA-2025:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0144", "reference_id": "RHSA-2025:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0147", "reference_id": "RHSA-2025:0147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0162", "reference_id": "RHSA-2025:0162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0165", "reference_id": "RHSA-2025:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0166", "reference_id": "RHSA-2025:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0167", "reference_id": "RHSA-2025:0167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0275", "reference_id": "RHSA-2025:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0281", "reference_id": "RHSA-2025:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0284", "reference_id": "RHSA-2025:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0286", "reference_id": "RHSA-2025:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0287", "reference_id": "RHSA-2025:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0287" }, { "reference_url": "https://usn.ubuntu.com/7191-1/", "reference_id": "USN-7191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7191-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-0243" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukf2-qcjg-u7bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63015?format=api", "vulnerability_id": "VCID-ukut-zyjx-93gq", "summary": "Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12178", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12141", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11977", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1198", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12681", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17003", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26086", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414091", "reference_id": "2414091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414091" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945", "reference_id": "show_bug.cgi?id=1991945", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13013" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukut-zyjx-93gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48294?format=api", "vulnerability_id": "VCID-upvn-56py-8ud7", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59535", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5951", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59586", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59567", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59555", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59503", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61126", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61078", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61097", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65484", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349794", "reference_id": "2349794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349794" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946004", "reference_id": "show_bug.cgi?id=1946004", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:58:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946004" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1933" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upvn-56py-8ud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62987?format=api", "vulnerability_id": "VCID-uy2g-rmuh-pkbe", "summary": "It was possible to craft an email that showed a tracking link as an\nattachment. If the user attempted to open the attachment, Thunderbird\nautomatically accessed the link. The configuration to block remote content\ndid not prevent that. Thunderbird has been fixed to no longer allow access\nto web pages listed in the X-Mozilla-External-Attachment-URL header of an\nemail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51463", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51517", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51515", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51538", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51578", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51504", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366297", "reference_id": "2366297", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366297" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-34/", "reference_id": "mfsa2025-34", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-34/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-35" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-35/", "reference_id": "mfsa2025-35", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-35/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8196", "reference_id": "RHSA-2025:8196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8203", "reference_id": "RHSA-2025:8203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8324", "reference_id": "RHSA-2025:8324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8325", "reference_id": "RHSA-2025:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8326", "reference_id": "RHSA-2025:8326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8391", "reference_id": "RHSA-2025:8391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8507", "reference_id": "RHSA-2025:8507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8594", "reference_id": "RHSA-2025:8594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8784", "reference_id": "RHSA-2025:8784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8784" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960412", "reference_id": "show_bug.cgi?id=1960412", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960412" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-3932" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy2g-rmuh-pkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62976?format=api", "vulnerability_id": "VCID-vcnn-u8k9-8ubs", "summary": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21167", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25897", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.259", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2816", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28116", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382703", "reference_id": "2382703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382703" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975961", "reference_id": "show_bug.cgi?id=1975961", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975961" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8035" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcnn-u8k9-8ubs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36152?format=api", "vulnerability_id": "VCID-vdpy-f9d9-pfac", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67346", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67368", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67282", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67305", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67334", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322433", "reference_id": "2322433", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322433" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706", "reference_id": "buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-55" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-55/", "reference_id": "mfsa2024-55", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-55/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-56/", "reference_id": "mfsa2024-56", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-58/", "reference_id": "mfsa2024-58", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-59/", "reference_id": "mfsa2024-59", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-59/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8720", "reference_id": "RHSA-2024:8720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8721", "reference_id": "RHSA-2024:8721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8722", "reference_id": "RHSA-2024:8722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8723", "reference_id": "RHSA-2024:8723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8724", "reference_id": "RHSA-2024:8724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8725", "reference_id": "RHSA-2024:8725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8726", "reference_id": "RHSA-2024:8726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8727", "reference_id": "RHSA-2024:8727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8728", "reference_id": "RHSA-2024:8728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8729", "reference_id": "RHSA-2024:8729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8790", "reference_id": "RHSA-2024:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8793", "reference_id": "RHSA-2024:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8793" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9015", "reference_id": "RHSA-2024:9015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9016", "reference_id": "RHSA-2024:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9017", "reference_id": "RHSA-2024:9017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9018", "reference_id": "RHSA-2024:9018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9019", "reference_id": "RHSA-2024:9019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9552", "reference_id": "RHSA-2024:9552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9554", "reference_id": "RHSA-2024:9554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9554" }, { "reference_url": "https://usn.ubuntu.com/7086-1/", "reference_id": "USN-7086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7086-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-10467" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpy-f9d9-pfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62952?format=api", "vulnerability_id": "VCID-vz6w-wghm-nqaq", "summary": "Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24945", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24972", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25021", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25121", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9185" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389584", "reference_id": "2389584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389584" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166", "reference_id": "buglist.cgi?bug_id=1970154%2C1976782%2C1977166", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-64/", "reference_id": "mfsa2025-64", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-65/", "reference_id": "mfsa2025-65", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-65/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-66/", "reference_id": "mfsa2025-66", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-66/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-67/", "reference_id": "mfsa2025-67", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-70/", "reference_id": "mfsa2025-70", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-70/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-71/", "reference_id": "mfsa2025-71", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-71/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-72/", "reference_id": "mfsa2025-72", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-20T03:56:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-72/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14416", "reference_id": "RHSA-2025:14416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14417", "reference_id": "RHSA-2025:14417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14442", "reference_id": "RHSA-2025:14442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14640", "reference_id": "RHSA-2025:14640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14743", "reference_id": "RHSA-2025:14743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14844", "reference_id": "RHSA-2025:14844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15418", "reference_id": "RHSA-2025:15418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15419", "reference_id": "RHSA-2025:15419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15420", "reference_id": "RHSA-2025:15420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15421", "reference_id": "RHSA-2025:15421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15422", "reference_id": "RHSA-2025:15422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15423", "reference_id": "RHSA-2025:15423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15424", "reference_id": "RHSA-2025:15424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15430", "reference_id": "RHSA-2025:15430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15434", "reference_id": "RHSA-2025:15434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15435", "reference_id": "RHSA-2025:15435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15436", "reference_id": "RHSA-2025:15436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15437", "reference_id": "RHSA-2025:15437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15438", "reference_id": "RHSA-2025:15438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15496", "reference_id": "RHSA-2025:15496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15535", "reference_id": "RHSA-2025:15535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15535" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-9185" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz6w-wghm-nqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48292?format=api", "vulnerability_id": "VCID-w6j3-6a6j-uqf1", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55315", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55319", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65565", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65535", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65583", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65531", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349786", "reference_id": "2349786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349786" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-15/", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944126", "reference_id": "show_bug.cgi?id=1944126", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T19:54:21Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944126" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1931" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6j3-6a6j-uqf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41992?format=api", "vulnerability_id": "VCID-w7gj-shrq-3fcz", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26163", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26109", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30486", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32054", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947", "reference_id": "2328947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911", "reference_id": "buglist.cgi?bug_id=1880582%2C1929911", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911" }, { "reference_url": "https://security.gentoo.org/glsa/202501-10", "reference_id": "GLSA-202501-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-10" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202509-02", "reference_id": "GLSA-202509-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "reference_id": "mfsa2024-63", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "reference_id": "mfsa2024-64", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-64/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "reference_id": "mfsa2024-67", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "reference_id": "mfsa2024-68", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-68/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10591", "reference_id": "RHSA-2024:10591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10592", "reference_id": "RHSA-2024:10592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10667", "reference_id": "RHSA-2024:10667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10702", "reference_id": "RHSA-2024:10702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10703", "reference_id": "RHSA-2024:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10704", "reference_id": "RHSA-2024:10704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10710", "reference_id": "RHSA-2024:10710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10733", "reference_id": "RHSA-2024:10733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10734", "reference_id": "RHSA-2024:10734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10742", "reference_id": "RHSA-2024:10742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10743", "reference_id": "RHSA-2024:10743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10745", "reference_id": "RHSA-2024:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10748", "reference_id": "RHSA-2024:10748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10752", "reference_id": "RHSA-2024:10752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10844", "reference_id": "RHSA-2024:10844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10848", "reference_id": "RHSA-2024:10848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10849", "reference_id": "RHSA-2024:10849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10880", "reference_id": "RHSA-2024:10880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10881", "reference_id": "RHSA-2024:10881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10881" }, { "reference_url": "https://usn.ubuntu.com/7134-1/", "reference_id": "USN-7134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-11699" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7gj-shrq-3fcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63012?format=api", "vulnerability_id": "VCID-wz6r-xzm9-m7hp", "summary": "Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414092", "reference_id": "2414092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414092" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904", "reference_id": "show_bug.cgi?id=1980904", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-13017" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz6r-xzm9-m7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62991?format=api", "vulnerability_id": "VCID-xghm-4ygw-tkb2", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26595", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420517", "reference_id": "2420517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420517" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996840", "reference_id": "show_bug.cgi?id=1996840", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996840" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-14324" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xghm-4ygw-tkb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62967?format=api", "vulnerability_id": "VCID-y45y-r8h7-6yez", "summary": "Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5269.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5269.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5269", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62477", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62487", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62466", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62426", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5269" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368757", "reference_id": "2368757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368757" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-44/", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-46/", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108", "reference_id": "show_bug.cgi?id=1924108", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-5269" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y45y-r8h7-6yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48298?format=api", "vulnerability_id": "VCID-y7sk-dmau-4fam", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1936", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39928", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64931", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64903", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64976", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.64894", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1936" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349797", "reference_id": "2349797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349797" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940027", "reference_id": "show_bug.cgi?id=1940027", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940027" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1936" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7sk-dmau-4fam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62971?format=api", "vulnerability_id": "VCID-yfwd-x224-3qe6", "summary": "Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8030.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8030.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12795", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19528", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19563", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19666", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19614", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21452", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21483", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382710", "reference_id": "2382710", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382710" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-56/", "reference_id": "mfsa2025-56", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-58/", "reference_id": "mfsa2025-58", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-59/", "reference_id": "mfsa2025-59", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-61/", "reference_id": "mfsa2025-61", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-62/", "reference_id": "mfsa2025-62", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-63/", "reference_id": "mfsa2025-63", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11747", "reference_id": "RHSA-2025:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11748", "reference_id": "RHSA-2025:11748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11797", "reference_id": "RHSA-2025:11797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12044", "reference_id": "RHSA-2025:12044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12045", "reference_id": "RHSA-2025:12045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12046", "reference_id": "RHSA-2025:12046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12187", "reference_id": "RHSA-2025:12187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12188", "reference_id": "RHSA-2025:12188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12278", "reference_id": "RHSA-2025:12278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12302", "reference_id": "RHSA-2025:12302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12353", "reference_id": "RHSA-2025:12353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12360", "reference_id": "RHSA-2025:12360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12361", "reference_id": "RHSA-2025:12361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13645", "reference_id": "RHSA-2025:13645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13646", "reference_id": "RHSA-2025:13646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13647", "reference_id": "RHSA-2025:13647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13648", "reference_id": "RHSA-2025:13648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13649", "reference_id": "RHSA-2025:13649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13650", "reference_id": "RHSA-2025:13650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13651", "reference_id": "RHSA-2025:13651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13676", "reference_id": "RHSA-2025:13676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13676" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414", "reference_id": "show_bug.cgi?id=1968414", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-24T03:55:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-8030" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfwd-x224-3qe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62912?format=api", "vulnerability_id": "VCID-ymu8-mjph-f7a4", "summary": "A race during concurrent delazification could have led to a use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62449", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6243", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62411", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62344", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6242", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62348", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343765", "reference_id": "2343765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343765" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", "reference_id": "mfsa2025-07", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", "reference_id": "mfsa2025-08", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", "reference_id": "mfsa2025-09", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", "reference_id": "mfsa2025-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", "reference_id": "mfsa2025-11", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1066", "reference_id": "RHSA-2025:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1132", "reference_id": "RHSA-2025:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1133", "reference_id": "RHSA-2025:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1135", "reference_id": "RHSA-2025:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1136", "reference_id": "RHSA-2025:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1137", "reference_id": "RHSA-2025:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1138", "reference_id": "RHSA-2025:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1139", "reference_id": "RHSA-2025:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1140", "reference_id": "RHSA-2025:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1184", "reference_id": "RHSA-2025:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1283", "reference_id": "RHSA-2025:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1292", "reference_id": "RHSA-2025:1292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1317", "reference_id": "RHSA-2025:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1318", "reference_id": "RHSA-2025:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1319", "reference_id": "RHSA-2025:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1339", "reference_id": "RHSA-2025:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1340", "reference_id": "RHSA-2025:1340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1341", "reference_id": "RHSA-2025:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1348", "reference_id": "RHSA-2025:1348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1348" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939710", "reference_id": "show_bug.cgi?id=1939710", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939710" }, { "reference_url": "https://usn.ubuntu.com/7263-1/", "reference_id": "USN-7263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7263-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1012" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymu8-mjph-f7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48293?format=api", "vulnerability_id": "VCID-z8cr-rten-qqg2", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39946", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40054", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40023", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40024", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43252", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43189", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349796", "reference_id": "2349796", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349796" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "reference_id": "mfsa2025-14", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:05:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-16/", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:05:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "reference_id": "mfsa2025-17", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:05:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-18/", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:05:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2359", "reference_id": "RHSA-2025:2359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2452", "reference_id": "RHSA-2025:2452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2479", "reference_id": "RHSA-2025:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2480", "reference_id": "RHSA-2025:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2481", "reference_id": "RHSA-2025:2481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2484", "reference_id": "RHSA-2025:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2485", "reference_id": "RHSA-2025:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2486", "reference_id": "RHSA-2025:2486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2699", "reference_id": "RHSA-2025:2699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2708", "reference_id": "RHSA-2025:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2708" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944313", "reference_id": "show_bug.cgi?id=1944313", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:05:35Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944313" }, { "reference_url": "https://usn.ubuntu.com/7334-1/", "reference_id": "USN-7334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7334-1/" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-1932" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8cr-rten-qqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48291?format=api", "vulnerability_id": "VCID-zefw-etrb-z3fu", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.7588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75861", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75855", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75892", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75895", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75801", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.75812", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://source.android.com/security/bulletin/2024-12-01", "reference_id": "2024-12-01", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T15:56:38Z/" } ], "url": "https://source.android.com/security/bulletin/2024-12-01" }, { "reference_url": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "reference_id": "8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T15:56:38Z/" } ], "url": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" }, { "reference_url": "https://security.gentoo.org/glsa/202505-02", "reference_id": "GLSA-202505-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-02" }, { "reference_url": "https://security.gentoo.org/glsa/202505-03", "reference_id": "GLSA-202505-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-03" }, { "reference_url": "https://security.gentoo.org/glsa/202505-08", "reference_id": "GLSA-202505-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01", "reference_id": "mfsa2025-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15", "reference_id": "mfsa2025-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16", "reference_id": "mfsa2025-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18", "reference_id": "mfsa2025-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049230?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-15j8-br8z-juf3" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-1hay-xe3q-gyb4" }, { "vulnerability": "VCID-1u8u-pnq3-t7ae" }, { "vulnerability": "VCID-1v2s-g46y-ybdc" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3gmj-y8qd-ufej" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3sg3-9yx7-fufa" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-4xqc-36jb-63c2" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-5ept-fu7g-8kes" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-6cx1-8t9m-u3av" }, { "vulnerability": "VCID-6fsa-bnes-tkff" }, { "vulnerability": "VCID-6mur-mtfg-97gt" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7wmw-hpfw-vuaa" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8u4y-zrhv-8fe9" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-8zy6-g8kn-hbdc" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9zxb-j4ep-n7g9" }, { "vulnerability": "VCID-a98z-hwzc-wkcj" }, { "vulnerability": "VCID-azdd-vdn3-kffy" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b5jm-57h2-2qcs" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-b8dx-232z-qbbc" }, { "vulnerability": "VCID-cpez-x3zd-p7bu" }, { "vulnerability": "VCID-deth-9krh-kufj" }, { "vulnerability": "VCID-dxwp-5jfs-nuew" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-gcnq-avax-aqcv" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-h2gc-zk2a-1fg6" }, { "vulnerability": "VCID-hsc9-up4x-nbgs" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-jybh-8px4-pqau" }, { "vulnerability": "VCID-kk2m-2mxz-sbex" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m3mp-su9k-sfhs" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-menq-g5ce-1yd8" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-mn6j-2wd1-ukfb" }, { "vulnerability": "VCID-ndd4-kd1y-z7ep" }, { "vulnerability": "VCID-nhsr-4zux-2bck" }, { "vulnerability": "VCID-nkpq-9gd6-nuc4" }, { "vulnerability": "VCID-ntqr-ptmu-yuen" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-p9zh-7wyj-hffm" }, { "vulnerability": "VCID-pemg-ndu8-wbbc" }, { "vulnerability": "VCID-q1pv-avug-juef" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qcxw-ds31-3ubd" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-qm8f-f8nr-qba9" }, { "vulnerability": "VCID-qta2-8rnt-k7d1" }, { "vulnerability": "VCID-r7vt-w149-9bfn" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-sgwe-9xfj-6kav" }, { "vulnerability": "VCID-ss9j-7jd7-nbf1" }, { "vulnerability": "VCID-t2c3-smqc-zkba" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-te1e-sjsk-bfd8" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-ud33-vgxh-8khj" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w4u8-25rz-gqeq" }, { "vulnerability": "VCID-wagm-cq36-k7g3" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-wwdh-xmux-3qdq" }, { "vulnerability": "VCID-wwkc-4c69-cbea" }, { "vulnerability": "VCID-xcbn-tkgg-4ben" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-zdxh-fp2e-47dd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" } ], "aliases": [ "CVE-2024-43097" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zefw-etrb-z3fu" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1" }