Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049373?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "type": "deb", "namespace": "debian", "name": "firefox-esr", "version": "140.8.0esr-1~deb13u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=api", "vulnerability_id": "VCID-13he-qsr4-h3d4", "summary": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06454", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06339", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06362", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06322", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.063", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07114", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07156", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450726", "reference_id": "2450726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450726" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329", "reference_id": "show_bug.cgi?id=2016329", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342", "reference_id": "show_bug.cgi?id=2016342", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4709" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=api", "vulnerability_id": "VCID-1fv1-edht-ufag", "summary": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450723", "reference_id": "2450723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450723" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405", "reference_id": "show_bug.cgi?id=2018405", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4715" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=api", "vulnerability_id": "VCID-23eu-22t2-cydd", "summary": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05466", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06003", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450725", "reference_id": "2450725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450725" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126", "reference_id": "show_bug.cgi?id=2018126", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4714" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=api", "vulnerability_id": "VCID-26d3-ctnj-7kbh", "summary": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10196", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10131", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10166", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10054", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11121", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11187", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450738", "reference_id": "2450738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450738" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512", "reference_id": "show_bug.cgi?id=2017512", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4691" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=api", "vulnerability_id": "VCID-289s-f2w6-53g9", "summary": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450720", "reference_id": "2450720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450720" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592", "reference_id": "show_bug.cgi?id=2018592", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4716" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353248?format=api", "vulnerability_id": "VCID-2fqb-r5zb-a7dp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14974", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19678", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "reference_id": "2460103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022604", "reference_id": "show_bug.cgi?id=2022604", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022604" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6748" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fqb-r5zb-a7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=api", "vulnerability_id": "VCID-351y-4nek-u3aw", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07439", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07487", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12851", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12871", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14073", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14005", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719", "reference_id": "2450719", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906", "reference_id": "show_bug.cgi?id=2020906", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4698" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=api", "vulnerability_id": "VCID-3grf-hwk1-3fh8", "summary": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05466", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06003", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450746", "reference_id": "2450746", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450746" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367", "reference_id": "show_bug.cgi?id=2016367", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4719" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=api", "vulnerability_id": "VCID-3kd3-hwzv-efbn", "summary": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06184", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06213", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06198", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06352", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06979", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07015", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450711", "reference_id": "2450711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450711" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "reference_id": "buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4721" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353261?format=api", "vulnerability_id": "VCID-3kv6-c148-nkhq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09518", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09553", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13012", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "reference_id": "2460107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022419", "reference_id": "show_bug.cgi?id=2022419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022419" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6765" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kv6-c148-nkhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=api", "vulnerability_id": "VCID-3xgu-7evz-mffw", "summary": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0563", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05557", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05769", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05737", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05565", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06273", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06284", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450722", "reference_id": "2450722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450722" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873", "reference_id": "show_bug.cgi?id=2014873", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4705" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=api", "vulnerability_id": "VCID-4q6w-tdk9-d3an", "summary": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450751", "reference_id": "2450751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450751" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733", "reference_id": "buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4720" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353265?format=api", "vulnerability_id": "VCID-59d3-343b-e3aw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13446", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17991", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "reference_id": "2460079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2024220", "reference_id": "show_bug.cgi?id=2024220", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2024220" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6770" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59d3-343b-e3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=api", "vulnerability_id": "VCID-5dw5-vpt8-zqbz", "summary": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17223", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20012", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20043", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21867", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21869", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "reference_id": "2455901", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-26/", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072927?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1056066?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1" } ], "aliases": [ "CVE-2026-5731" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353257?format=api", "vulnerability_id": "VCID-61r1-arbe-dke4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12334", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13298", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "reference_id": "2460099", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017857", "reference_id": "show_bug.cgi?id=2017857", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6761" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61r1-arbe-dke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=api", "vulnerability_id": "VCID-646f-ndeq-5bee", "summary": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07205", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07233", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450757", "reference_id": "2450757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450757" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368", "reference_id": "show_bug.cgi?id=2016368", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4687" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=api", "vulnerability_id": "VCID-675n-7uzz-pqdj", "summary": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05385", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05519", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06089", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06095", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450713", "reference_id": "2450713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450713" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373", "reference_id": "show_bug.cgi?id=2016373", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4688" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=api", "vulnerability_id": "VCID-77y6-jskt-qucb", "summary": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12038", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15188", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15184", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18108", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18215", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/1018", "reference_id": "1018", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/1018" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1034", "reference_id": "1034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298", "reference_id": "1115298", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "reference_id": "2395108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108" }, { "reference_url": "https://issues.oss-fuzz.com/issues/439133977", "reference_id": "439133977", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://issues.oss-fuzz.com/issues/439133977" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "reference_id": "Changes#L45-L74", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19403", "reference_id": "RHSA-2025:19403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21030", "reference_id": "RHSA-2025:21030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21773", "reference_id": "RHSA-2025:21773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21974", "reference_id": "RHSA-2025:21974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22175", "reference_id": "RHSA-2025:22175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22618", "reference_id": "RHSA-2025:22618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22935", "reference_id": "RHSA-2025:22935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23227", "reference_id": "RHSA-2025:23227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23248", "reference_id": "RHSA-2025:23248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23550", "reference_id": "RHSA-2025:23550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0332", "reference_id": "RHSA-2026:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0420", "reference_id": "RHSA-2026:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0518", "reference_id": "RHSA-2026:0518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0674", "reference_id": "RHSA-2026:0674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0677", "reference_id": "RHSA-2026:0677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0996", "reference_id": "RHSA-2026:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3407", "reference_id": "RHSA-2026:3407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5396", "reference_id": "RHSA-2026:5396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5396" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2025-59375" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353262?format=api", "vulnerability_id": "VCID-7jt2-zr49-7ye5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09893", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09926", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13452", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "reference_id": "2460097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023207", "reference_id": "show_bug.cgi?id=2023207", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023207" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6766" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jt2-zr49-7ye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=api", "vulnerability_id": "VCID-8qyy-e4jt-rbc4", "summary": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05887", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450715", "reference_id": "2450715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450715" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030", "reference_id": "show_bug.cgi?id=2020030", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62756?format=api", "vulnerability_id": "VCID-8vka-qus2-tbhj", "summary": "Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03974", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03958", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03839", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03829", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03896", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03927", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03902", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05192", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0519", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283", "reference_id": "1128283", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "reference_id": "2440219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-10/", "reference_id": "mfsa2026-10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-10/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-11/", "reference_id": "mfsa2026-11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-11/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3967", "reference_id": "RHSA-2026:3967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4447", "reference_id": "RHSA-2026:4447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4629", "reference_id": "RHSA-2026:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5227", "reference_id": "RHSA-2026:5227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5228", "reference_id": "RHSA-2026:5228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5229", "reference_id": "RHSA-2026:5229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5230", "reference_id": "RHSA-2026:5230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5231", "reference_id": "RHSA-2026:5231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5319", "reference_id": "RHSA-2026:5319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5320", "reference_id": "RHSA-2026:5320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5323", "reference_id": "RHSA-2026:5323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5324", "reference_id": "RHSA-2026:5324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5326", "reference_id": "RHSA-2026:5326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390", "reference_id": "show_bug.cgi?id=2014390", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390" }, { "reference_url": "https://usn.ubuntu.com/8053-1/", "reference_id": "USN-8053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-2447" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vka-qus2-tbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=api", "vulnerability_id": "VCID-8xek-k5y2-6bfp", "summary": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07573", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07623", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07637", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0765", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07536", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08368", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08401", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450718", "reference_id": "2450718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450718" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374", "reference_id": "show_bug.cgi?id=2016374", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4689" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353251?format=api", "vulnerability_id": "VCID-95et-ezmb-buau", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13446", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17991", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "reference_id": "2460109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2025883", "reference_id": "show_bug.cgi?id=2025883", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2025883" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6751" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95et-ezmb-buau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=api", "vulnerability_id": "VCID-9ag7-z86d-nba9", "summary": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13903", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13955", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18556", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18413", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18456", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18471", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18547", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "reference_id": "2455897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_id": "buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072927?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1056066?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1" } ], "aliases": [ "CVE-2026-5734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353259?format=api", "vulnerability_id": "VCID-9nbw-7c9e-13af", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12897", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12932", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17294", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "reference_id": "2460101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021666", "reference_id": "show_bug.cgi?id=2021666", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6763" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbw-7c9e-13af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353258?format=api", "vulnerability_id": "VCID-av7u-3g4m-mugm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12289", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13289", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "reference_id": "2460076", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021080", "reference_id": "show_bug.cgi?id=2021080", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021080" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6762" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av7u-3g4m-mugm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=api", "vulnerability_id": "VCID-b4bq-q3ga-3ff1", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03727", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03554", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04339", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04305", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450755", "reference_id": "2450755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450755" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267", "reference_id": "show_bug.cgi?id=2015267", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4707" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=api", "vulnerability_id": "VCID-b6sf-z5tm-4uau", "summary": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07487", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07529", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07439", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08267", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08301", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450740", "reference_id": "2450740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450740" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190", "reference_id": "show_bug.cgi?id=2020190", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4696" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353250?format=api", "vulnerability_id": "VCID-bwth-uepr-z7a3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12533", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13564", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14809", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "reference_id": "2460102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023407", "reference_id": "show_bug.cgi?id=2023407", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6750" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwth-uepr-z7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353246?format=api", "vulnerability_id": "VCID-cjsm-7gxr-8ygw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14812", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19472", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "reference_id": "2460112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014596", "reference_id": "show_bug.cgi?id=2014596", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014596" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6746" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjsm-7gxr-8ygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353252?format=api", "vulnerability_id": "VCID-d16s-p141-qbft", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15177", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15181", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.1988", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "reference_id": "2460078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027499", "reference_id": "show_bug.cgi?id=2027499", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027499" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6752" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d16s-p141-qbft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=api", "vulnerability_id": "VCID-e2k8-m9sm-8uek", "summary": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450739", "reference_id": "2450739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450739" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863", "reference_id": "show_bug.cgi?id=2021863", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4699" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19209?format=api", "vulnerability_id": "VCID-f81v-9fv8-93cd", "summary": "Out-of-bounds Write\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87745", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87731", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.8774", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88729", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88723", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88728", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.049", "scoring_system": "epss", "scoring_elements": "0.89576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.049", "scoring_system": "epss", "scoring_elements": "0.89562", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1056066?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f81v-9fv8-93cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=api", "vulnerability_id": "VCID-ft6u-geds-fua9", "summary": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450744", "reference_id": "2450744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450744" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560", "reference_id": "show_bug.cgi?id=2013560", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4702" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353263?format=api", "vulnerability_id": "VCID-fxjm-ywug-f3d5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10758", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10742", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14669", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "reference_id": "2460086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023209", "reference_id": "show_bug.cgi?id=2023209", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023209" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjm-ywug-f3d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=api", "vulnerability_id": "VCID-gkva-6cu9-7keg", "summary": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06995", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07068", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07002", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06948", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07112", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0698", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07769", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07792", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450748", "reference_id": "2450748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450748" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643", "reference_id": "show_bug.cgi?id=2017643", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4692" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353267?format=api", "vulnerability_id": "VCID-hk2m-rbdy-nqhc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11114", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11157", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15173", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "reference_id": "2460074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2026089", "reference_id": "show_bug.cgi?id=2026089", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2026089" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6772" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk2m-rbdy-nqhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=api", "vulnerability_id": "VCID-hshc-4xnc-gug4", "summary": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05887", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450756", "reference_id": "2450756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868", "reference_id": "show_bug.cgi?id=2014868", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4704" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=api", "vulnerability_id": "VCID-hstd-23qm-bqdg", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450712", "reference_id": "2450712", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450712" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695", "reference_id": "show_bug.cgi?id=2021695", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4717" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=api", "vulnerability_id": "VCID-j1hb-8jjy-tqgq", "summary": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741", "reference_id": "2450741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102", "reference_id": "show_bug.cgi?id=2018102", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4693" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=api", "vulnerability_id": "VCID-kuwd-6tcg-fuha", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05466", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06003", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450730", "reference_id": "2450730", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450730" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113", "reference_id": "show_bug.cgi?id=2018113", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4713" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=api", "vulnerability_id": "VCID-m6uv-91wz-xfdv", "summary": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05959", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06091", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06069", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05916", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06612", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06619", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450752", "reference_id": "2450752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450752" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766", "reference_id": "show_bug.cgi?id=2003766", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4700" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353260?format=api", "vulnerability_id": "VCID-ma29-qa7e-9qb4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13479", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17994", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "reference_id": "2460106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022162", "reference_id": "show_bug.cgi?id=2022162", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6764" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ma29-qa7e-9qb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=api", "vulnerability_id": "VCID-mm6w-kpe8-4kg3", "summary": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02854", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02935", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02941", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03669", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03623", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721", "reference_id": "2450721", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129", "reference_id": "show_bug.cgi?id=2011129", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4684" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353264?format=api", "vulnerability_id": "VCID-nge1-4cvg-zqb2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12334", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13298", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "reference_id": "2460108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023753", "reference_id": "show_bug.cgi?id=2023753", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023753" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6769" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nge1-4cvg-zqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=api", "vulnerability_id": "VCID-nvsz-9s3r-nbhq", "summary": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01676", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01686", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01693", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01683", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01757", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02185", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02218", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450742", "reference_id": "2450742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450742" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864", "reference_id": "show_bug.cgi?id=2014864", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4718" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353268?format=api", "vulnerability_id": "VCID-nyum-jpbc-abew", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0177", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01775", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.022", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "reference_id": "2460110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021770", "reference_id": "show_bug.cgi?id=2021770", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021770" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6776" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyum-jpbc-abew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353270?format=api", "vulnerability_id": "VCID-p6yz-xs58-u3gm", "summary": "Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14087", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14113", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19678", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "reference_id": "2460088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6786" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yz-xs58-u3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353269?format=api", "vulnerability_id": "VCID-pfmd-zv8f-8bfc", "summary": "Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.16978", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.16997", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20012", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "reference_id": "2460104", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pfmd-zv8f-8bfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353255?format=api", "vulnerability_id": "VCID-q689-wneh-hbdq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11162", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11204", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12224", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "reference_id": "2460085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013588", "reference_id": "show_bug.cgi?id=2013588", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013588" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6757" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q689-wneh-hbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353249?format=api", "vulnerability_id": "VCID-q8qp-5szp-mfe8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11114", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11157", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15173", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "reference_id": "2460096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022610", "reference_id": "show_bug.cgi?id=2022610", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6749" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qp-5szp-mfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=api", "vulnerability_id": "VCID-qbzp-euvv-q7c7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12862", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12742", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12717", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12824", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "reference_id": "2455908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867", "reference_id": "show_bug.cgi?id=2017867", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072927?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1056066?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.1esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1" } ], "aliases": [ "CVE-2026-5732" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=api", "vulnerability_id": "VCID-qkks-24cp-gqg2", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450714", "reference_id": "2450714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091", "reference_id": "show_bug.cgi?id=2015091", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4706" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=api", "vulnerability_id": "VCID-rp5h-ym8y-skbw", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450710", "reference_id": "2450710", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450710" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303", "reference_id": "show_bug.cgi?id=2009303", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4701" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353253?format=api", "vulnerability_id": "VCID-ruqn-mk9t-57hb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13446", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17991", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "reference_id": "2460092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027501", "reference_id": "show_bug.cgi?id=2027501", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6753" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruqn-mk9t-57hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=api", "vulnerability_id": "VCID-t4t3-5pt5-ayds", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450724", "reference_id": "2450724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450724" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349", "reference_id": "show_bug.cgi?id=2016349", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4685" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353266?format=api", "vulnerability_id": "VCID-tv7r-qf2c-dqbm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14505", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19115", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "reference_id": "2460105", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2025067", "reference_id": "show_bug.cgi?id=2025067", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2025067" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6771" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7r-qf2c-dqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=api", "vulnerability_id": "VCID-u3j3-fc4f-7ff7", "summary": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450734", "reference_id": "2450734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450734" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351", "reference_id": "show_bug.cgi?id=2016351", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4686" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353254?format=api", "vulnerability_id": "VCID-w98r-yagc-kkec", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14812", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19472", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "reference_id": "2460075", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027541", "reference_id": "show_bug.cgi?id=2027541", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027541" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6754" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w98r-yagc-kkec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=api", "vulnerability_id": "VCID-wmyy-2cg3-wyhc", "summary": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05887", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729", "reference_id": "2450729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422", "reference_id": "show_bug.cgi?id=2020422", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=api", "vulnerability_id": "VCID-wqw2-gjvu-6qbu", "summary": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03218", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03055", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.038", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03754", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0554", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05518", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05525", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05537", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05504", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05469", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05479", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450732", "reference_id": "2450732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450732" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375", "reference_id": "show_bug.cgi?id=2016375", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4690" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=api", "vulnerability_id": "VCID-wvx2-pba2-sqha", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05466", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06003", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450735", "reference_id": "2450735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268", "reference_id": "show_bug.cgi?id=2015268", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4708" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=api", "vulnerability_id": "VCID-yjc2-2whn-uug5", "summary": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05434", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.054", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05469", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05601", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06143", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06135", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450747", "reference_id": "2450747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450747" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "reference_id": "mfsa2026-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430", "reference_id": "show_bug.cgi?id=2018430", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4694" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=api", "vulnerability_id": "VCID-ymak-rv52-h7a5", "summary": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06869", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06843", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450727", "reference_id": "2450727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450727" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5930", "reference_id": "RHSA-2026:5930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5931", "reference_id": "RHSA-2026:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5932", "reference_id": "RHSA-2026:5932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6188", "reference_id": "RHSA-2026:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6342", "reference_id": "RHSA-2026:6342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6917", "reference_id": "RHSA-2026:6917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7837", "reference_id": "RHSA-2026:7837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7838", "reference_id": "RHSA-2026:7838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7839", "reference_id": "RHSA-2026:7839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7840", "reference_id": "RHSA-2026:7840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7841", "reference_id": "RHSA-2026:7841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7842", "reference_id": "RHSA-2026:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7843", "reference_id": "RHSA-2026:7843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7845", "reference_id": "RHSA-2026:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7858", "reference_id": "RHSA-2026:7858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8284", "reference_id": "RHSA-2026:8284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8285", "reference_id": "RHSA-2026:8285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8286", "reference_id": "RHSA-2026:8286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8287", "reference_id": "RHSA-2026:8287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8288", "reference_id": "RHSA-2026:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8289", "reference_id": "RHSA-2026:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8290", "reference_id": "RHSA-2026:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8315", "reference_id": "RHSA-2026:8315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8427", "reference_id": "RHSA-2026:8427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8850", "reference_id": "RHSA-2026:8850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8850" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370", "reference_id": "show_bug.cgi?id=2016370", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049374?format=api", "purl": "pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1" } ], "aliases": [ "CVE-2026-4710" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353247?format=api", "vulnerability_id": "VCID-z6tm-b352-5uhk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14389", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14415", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1905", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "reference_id": "2460095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "reference_id": "mfsa2026-30", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "reference_id": "mfsa2026-32", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "reference_id": "mfsa2026-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "reference_id": "mfsa2026-34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10757", "reference_id": "RHSA-2026:10757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10766", "reference_id": "RHSA-2026:10766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10767", "reference_id": "RHSA-2026:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10767" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021769", "reference_id": "show_bug.cgi?id=2021769", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021769" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076491?format=api", "purl": "pkg:deb/debian/firefox-esr@140.10.0esr-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1" } ], "aliases": [ "CVE-2026-6747" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tm-b352-5uhk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62750?format=api", "vulnerability_id": "VCID-1hay-xe3q-gyb4", "summary": "Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04629", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04585", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442322", "reference_id": "2442322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442322" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015179", "reference_id": "show_bug.cgi?id=2015179", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2789" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hay-xe3q-gyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62992?format=api", "vulnerability_id": "VCID-1jqj-tqfp-73f7", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25398", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25353", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30263", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29869", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29939", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30054", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30125", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3022", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420504", "reference_id": "2420504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420504" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1998050", "reference_id": "show_bug.cgi?id=1998050", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1998050" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14325" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqj-tqfp-73f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62718?format=api", "vulnerability_id": "VCID-1u8u-pnq3-t7ae", "summary": "Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442324", "reference_id": "2442324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442324" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2001637", "reference_id": "show_bug.cgi?id=2001637", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2001637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2757" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u8u-pnq3-t7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62753?format=api", "vulnerability_id": "VCID-1v2s-g46y-ybdc", "summary": "Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21143", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21167", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21415", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.213", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21376", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442318", "reference_id": "2442318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442318" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331", "reference_id": "buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2792" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v2s-g46y-ybdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62748?format=api", "vulnerability_id": "VCID-3gmj-y8qd-ufej", "summary": "Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04629", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04585", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442297", "reference_id": "2442297", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442297" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014560", "reference_id": "show_bug.cgi?id=2014560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014560" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2787" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gmj-y8qd-ufej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62921?format=api", "vulnerability_id": "VCID-3qfb-sxha-v3cw", "summary": "Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17286", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18587", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18609", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18546", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19446", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19485", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19454", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395756", "reference_id": "2395756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395756" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490", "reference_id": "show_bug.cgi?id=1970490", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10529" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qfb-sxha-v3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62751?format=api", "vulnerability_id": "VCID-3sg3-9yx7-fufa", "summary": "Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06124", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06117", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0587", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06087", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05913", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05902", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05937", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05946", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442313", "reference_id": "2442313", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442313" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008426", "reference_id": "show_bug.cgi?id=2008426", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2790" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg3-9yx7-fufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63013?format=api", "vulnerability_id": "VCID-4bw1-v6ze-kbds", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10112", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414079", "reference_id": "2414079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940", "reference_id": "show_bug.cgi?id=1984940", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13018" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bw1-v6ze-kbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62993?format=api", "vulnerability_id": "VCID-4g7u-xmdq-mkdn", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16415", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16329", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22404", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22233", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22252", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22456", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420508", "reference_id": "2420508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420508" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996761", "reference_id": "show_bug.cgi?id=1996761", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996761" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14328" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4g7u-xmdq-mkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63038?format=api", "vulnerability_id": "VCID-4gsx-puz4-a3f1", "summary": "Use-after-free in MediaTrackGraphImpl::GetInstance()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23925", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23966", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24103", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24127", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24126", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24182", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24207", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403769", "reference_id": "2403769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403769" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931", "reference_id": "show_bug.cgi?id=1988931", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11708" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsx-puz4-a3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63014?format=api", "vulnerability_id": "VCID-4kd3-95cm-g3fc", "summary": "Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10112", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414084", "reference_id": "2414084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412", "reference_id": "show_bug.cgi?id=1988412", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13019" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kd3-95cm-g3fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62747?format=api", "vulnerability_id": "VCID-4xqc-36jb-63c2", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04461", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0442", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442320", "reference_id": "2442320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442320" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013612", "reference_id": "show_bug.cgi?id=2013612", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2786" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqc-36jb-63c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63049?format=api", "vulnerability_id": "VCID-59wd-mtjt-4ban", "summary": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17242", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17466", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17437", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17421", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17328", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17307", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403763", "reference_id": "2403763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403763" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113", "reference_id": "buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11714" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59wd-mtjt-4ban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62741?format=api", "vulnerability_id": "VCID-5ept-fu7g-8kes", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04186", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04151", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04119", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442334", "reference_id": "2442334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442334" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007829", "reference_id": "show_bug.cgi?id=2007829", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2780" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ept-fu7g-8kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62997?format=api", "vulnerability_id": "VCID-5kwn-x8e4-ukgq", "summary": "Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24751", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2481", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24695", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420502", "reference_id": "2420502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420502" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639", "reference_id": "buglist.cgi?bug_id=1966501%2C1997639", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14333" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwn-x8e4-ukgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62920?format=api", "vulnerability_id": "VCID-66z1-8zeg-9qh1", "summary": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23428", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23566", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23548", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2365", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25061", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25073", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25016", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2591", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395755", "reference_id": "2395755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395755" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185", "reference_id": "show_bug.cgi?id=1986185", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10528" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66z1-8zeg-9qh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=api", "vulnerability_id": "VCID-6cx1-8t9m-u3av", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04788", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04763", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04551", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04541", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "reference_id": "2428978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658", "reference_id": "show_bug.cgi?id=2005658", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0886" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62726?format=api", "vulnerability_id": "VCID-6fsa-bnes-tkff", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06358", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06137", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06187", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442333", "reference_id": "2442333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442333" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013562", "reference_id": "show_bug.cgi?id=2013562", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2765" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fsa-bnes-tkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63050?format=api", "vulnerability_id": "VCID-6jw1-pere-ruee", "summary": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18086", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1814", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18497", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1823", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18203", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1819", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18343", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403774", "reference_id": "2403774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403774" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899", "reference_id": "buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11715" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw1-pere-ruee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62722?format=api", "vulnerability_id": "VCID-7wmw-hpfw-vuaa", "summary": "Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33504", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33585", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34053", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34054", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33605", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33974", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34007", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33986", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442309", "reference_id": "2442309", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442309" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011063", "reference_id": "show_bug.cgi?id=2011063", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2761" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wmw-hpfw-vuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62990?format=api", "vulnerability_id": "VCID-84jf-84jx-3fgj", "summary": "Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22511", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22513", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22521", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22683", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22724", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420513", "reference_id": "2420513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420513" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996555", "reference_id": "show_bug.cgi?id=1996555", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996555" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14323" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84jf-84jx-3fgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=api", "vulnerability_id": "VCID-8u4y-zrhv-8fe9", "summary": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02851", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02794", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02691", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02711", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "reference_id": "2428972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500", "reference_id": "show_bug.cgi?id=2006500", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0887" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62736?format=api", "vulnerability_id": "VCID-8zy6-g8kn-hbdc", "summary": "Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07586", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07622", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0767", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07669", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07651", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07576", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07645", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07567", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07642", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314", "reference_id": "2442314", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199", "reference_id": "show_bug.cgi?id=2015199", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2775" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zy6-g8kn-hbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62925?format=api", "vulnerability_id": "VCID-93au-w2zh-3yhg", "summary": "Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24335", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25605", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25613", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25555", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26524", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395766", "reference_id": "2395766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395766" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74", "reference_id": "mfsa2025-74", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-74/", "reference_id": "mfsa2025-74", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788", "reference_id": "show_bug.cgi?id=1980788", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10533" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93au-w2zh-3yhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63011?format=api", "vulnerability_id": "VCID-962a-dwqf-3ycg", "summary": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09736", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09765", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09778", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14709", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23702", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414083", "reference_id": "2414083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414083" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130", "reference_id": "show_bug.cgi?id=1992130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13016" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-962a-dwqf-3ycg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62752?format=api", "vulnerability_id": "VCID-9zxb-j4ep-n7g9", "summary": "Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07455", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07487", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07443", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07421", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07512", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442342", "reference_id": "2442342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442342" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015220", "reference_id": "show_bug.cgi?id=2015220", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015220" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2791" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zxb-j4ep-n7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=api", "vulnerability_id": "VCID-a98z-hwzc-wkcj", "summary": "Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "reference_id": "2428966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125", "reference_id": "show_bug.cgi?id=1924125", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0882" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62719?format=api", "vulnerability_id": "VCID-azdd-vdn3-kffy", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442337", "reference_id": "2442337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442337" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009608", "reference_id": "show_bug.cgi?id=2009608", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2758" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azdd-vdn3-kffy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62725?format=api", "vulnerability_id": "VCID-b5jm-57h2-2qcs", "summary": "JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06646", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06651", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06464", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06637", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06626", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06469", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06534", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329", "reference_id": "2442329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608", "reference_id": "show_bug.cgi?id=2012608", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2764" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5jm-57h2-2qcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62740?format=api", "vulnerability_id": "VCID-b8dx-232z-qbbc", "summary": "Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06358", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20162", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442327", "reference_id": "2442327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442327" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164141", "reference_id": "show_bug.cgi?id=1164141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164141" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2779" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8dx-232z-qbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62929?format=api", "vulnerability_id": "VCID-c6rx-p235-9bdz", "summary": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18619", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18758", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18753", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20077", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20083", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20046", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2103", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21018", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2104", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395759", "reference_id": "2395759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395759" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067", "reference_id": "buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10537" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rx-p235-9bdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62746?format=api", "vulnerability_id": "VCID-cpez-x3zd-p7bu", "summary": "Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04461", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0442", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442284", "reference_id": "2442284", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442284" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013549", "reference_id": "show_bug.cgi?id=2013549", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013549" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpez-x3zd-p7bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62994?format=api", "vulnerability_id": "VCID-db28-rbyf-1qf4", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16415", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16329", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22404", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22233", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22252", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22456", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420509", "reference_id": "2420509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420509" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018", "reference_id": "show_bug.cgi?id=1997018", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14329" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db28-rbyf-1qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62928?format=api", "vulnerability_id": "VCID-ddwf-z514-hbbj", "summary": "Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04738", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04687", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05755", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05632", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05786", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05832", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395764", "reference_id": "2395764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395764" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502", "reference_id": "show_bug.cgi?id=1981502", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10536" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddwf-z514-hbbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=api", "vulnerability_id": "VCID-deth-9krh-kufj", "summary": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04185", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0415", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03993", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "reference_id": "2428971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081", "reference_id": "show_bug.cgi?id=2005081", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0890" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63010?format=api", "vulnerability_id": "VCID-dgwm-n1zx-qkbq", "summary": "Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09604", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09632", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16097", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16207", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16094", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22362", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2223", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414086", "reference_id": "2414086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414086" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458", "reference_id": "show_bug.cgi?id=1991458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13012" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgwm-n1zx-qkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62739?format=api", "vulnerability_id": "VCID-dxwp-5jfs-nuew", "summary": "Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07809", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0772", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07744", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07766", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335", "reference_id": "2442335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358", "reference_id": "show_bug.cgi?id=2016358", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2778" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxwp-5jfs-nuew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63016?format=api", "vulnerability_id": "VCID-e7jk-vs8y-fyhr", "summary": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10935", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17494", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17549", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23702", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414085", "reference_id": "2414085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414085" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686", "reference_id": "show_bug.cgi?id=1995686", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7jk-vs8y-fyhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62737?format=api", "vulnerability_id": "VCID-gcnq-avax-aqcv", "summary": "Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07809", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0772", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07744", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07766", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442291", "reference_id": "2442291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442291" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015266", "reference_id": "show_bug.cgi?id=2015266", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015266" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2776" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcnq-avax-aqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=api", "vulnerability_id": "VCID-h2gc-zk2a-1fg6", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07167", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07196", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07216", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07187", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "reference_id": "2428967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588", "reference_id": "show_bug.cgi?id=2003588", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0884" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62988?format=api", "vulnerability_id": "VCID-h9em-p9se-rucn", "summary": "Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24751", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2481", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24695", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420503", "reference_id": "2420503", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420503" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992760", "reference_id": "show_bug.cgi?id=1992760", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992760" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14321" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9em-p9se-rucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62989?format=api", "vulnerability_id": "VCID-hccf-ueut-vugw", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1455", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19482", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19575", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19345", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19384", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19394", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19502", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19491", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420506", "reference_id": "2420506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420506" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473", "reference_id": "show_bug.cgi?id=1996473", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14322" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hccf-ueut-vugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62723?format=api", "vulnerability_id": "VCID-hsc9-up4x-nbgs", "summary": "Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06358", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20162", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442308", "reference_id": "2442308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442308" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011649", "reference_id": "show_bug.cgi?id=2011649", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011649" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2762" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsc9-up4x-nbgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=api", "vulnerability_id": "VCID-jybh-8px4-pqau", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05915", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05676", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0572", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "reference_id": "2428961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607", "reference_id": "show_bug.cgi?id=2003607", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0885" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63019?format=api", "vulnerability_id": "VCID-kdwy-7p45-hbcs", "summary": "Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11327", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11159", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11227", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11268", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13252", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1334", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13908", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27955", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414090", "reference_id": "2414090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414090" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164", "reference_id": "show_bug.cgi?id=1994164", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13015" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwy-7p45-hbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62762?format=api", "vulnerability_id": "VCID-kk2m-2mxz-sbex", "summary": "Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0268", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03391", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03439", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03577", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03532", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03527", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03521", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507", "reference_id": "2420507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743", "reference_id": "show_bug.cgi?id=1970743", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14327" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kk2m-2mxz-sbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63040?format=api", "vulnerability_id": "VCID-kkgh-a9hg-fud8", "summary": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26504", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26575", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26584", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.268", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403768", "reference_id": "2403768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403768" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899", "reference_id": "show_bug.cgi?id=1989899", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11710" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkgh-a9hg-fud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62724?format=api", "vulnerability_id": "VCID-m3mp-su9k-sfhs", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06459", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06447", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0631", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06252", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06295", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442316", "reference_id": "2442316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442316" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012018", "reference_id": "show_bug.cgi?id=2012018", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2763" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3mp-su9k-sfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62754?format=api", "vulnerability_id": "VCID-menq-g5ce-1yd8", "summary": "Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21489", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21502", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2163", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21763", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21656", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21678", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442287", "reference_id": "2442287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442287" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498", "reference_id": "buglist.cgi?bug_id=2015196%2C2016423%2C2016498", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2793" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-menq-g5ce-1yd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62735?format=api", "vulnerability_id": "VCID-mn6j-2wd1-ukfb", "summary": "Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05833", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05914", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05866", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442290", "reference_id": "2442290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442290" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014883", "reference_id": "show_bug.cgi?id=2014883", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014883" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2774" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn6j-2wd1-ukfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=api", "vulnerability_id": "VCID-ndd4-kd1y-z7ep", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07789", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07838", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "reference_id": "2428965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989", "reference_id": "show_bug.cgi?id=2003989", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0878" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62730?format=api", "vulnerability_id": "VCID-nhsr-4zux-2bck", "summary": "Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0506", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05058", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05017", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15634", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15667", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15468", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15462", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15536", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442295", "reference_id": "2442295", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442295" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014550", "reference_id": "show_bug.cgi?id=2014550", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014550" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2769" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsr-4zux-2bck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=api", "vulnerability_id": "VCID-nkpq-9gd6-nuc4", "summary": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06845", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "reference_id": "2428963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_id": "buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62728?format=api", "vulnerability_id": "VCID-ntqr-ptmu-yuen", "summary": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14998", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15056", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15054", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15116", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328", "reference_id": "2442328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741", "reference_id": "show_bug.cgi?id=2013741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqr-ptmu-yuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62732?format=api", "vulnerability_id": "VCID-p9zh-7wyj-hffm", "summary": "Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07885", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07949", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442288", "reference_id": "2442288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442288" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014593", "reference_id": "show_bug.cgi?id=2014593", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014593" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2771" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9zh-7wyj-hffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62995?format=api", "vulnerability_id": "VCID-pcgf-xtfq-6ugb", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21318", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25377", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25289", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25334", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25341", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25514", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25409", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2542", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25471", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420516", "reference_id": "2420516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420516" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997503", "reference_id": "show_bug.cgi?id=1997503", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997503" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14330" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcgf-xtfq-6ugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=api", "vulnerability_id": "VCID-pemg-ndu8-wbbc", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07299", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07325", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07319", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07309", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "reference_id": "2428973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602", "reference_id": "show_bug.cgi?id=2004602", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0879" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62738?format=api", "vulnerability_id": "VCID-q1pv-avug-juef", "summary": "Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19732", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19762", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19952", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19977", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.1977", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19894", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442312", "reference_id": "2442312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442312" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015305", "reference_id": "show_bug.cgi?id=2015305", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015305" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2777" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1pv-avug-juef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63039?format=api", "vulnerability_id": "VCID-qeh2-jn2v-9ug7", "summary": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26504", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26575", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26584", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.268", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403765", "reference_id": "2403765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403765" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127", "reference_id": "show_bug.cgi?id=1989127", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11709" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh2-jn2v-9ug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63017?format=api", "vulnerability_id": "VCID-qgvy-hzsx-hkge", "summary": "Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13292", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13254", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13848", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20524", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20492", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20527", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.265", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26456", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26276", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414080", "reference_id": "2414080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414080" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241", "reference_id": "show_bug.cgi?id=1994241", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13014" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgvy-hzsx-hkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=api", "vulnerability_id": "VCID-qm8f-f8nr-qba9", "summary": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "reference_id": "2428975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014", "reference_id": "show_bug.cgi?id=2005014", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0880" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62749?format=api", "vulnerability_id": "VCID-qta2-8rnt-k7d1", "summary": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06459", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06447", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0631", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06252", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06295", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442302", "reference_id": "2442302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442302" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014824", "reference_id": "show_bug.cgi?id=2014824", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2788" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qta2-8rnt-k7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62734?format=api", "vulnerability_id": "VCID-r7vt-w149-9bfn", "summary": "Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07885", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07891", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07949", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07886", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07845", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07927", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442319", "reference_id": "2442319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442319" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014832", "reference_id": "show_bug.cgi?id=2014832", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014832" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2773" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vt-w149-9bfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62919?format=api", "vulnerability_id": "VCID-rg63-avu7-2bdc", "summary": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16078", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16221", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16209", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16227", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16282", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17508", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17531", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1744", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18523", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18472", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18429", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395745", "reference_id": "2395745", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395745" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825", "reference_id": "show_bug.cgi?id=1984825", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10527" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg63-avu7-2bdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62924?format=api", "vulnerability_id": "VCID-ruc1-kmaz-fkbb", "summary": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17768", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19042", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19096", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19087", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20052", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20054", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395754", "reference_id": "2395754", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395754" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-73/", "reference_id": "mfsa2025-73", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-75/", "reference_id": "mfsa2025-75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-77/", "reference_id": "mfsa2025-77", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-78/", "reference_id": "mfsa2025-78", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16108", "reference_id": "RHSA-2025:16108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16109", "reference_id": "RHSA-2025:16109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16156", "reference_id": "RHSA-2025:16156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16157", "reference_id": "RHSA-2025:16157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16260", "reference_id": "RHSA-2025:16260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16589", "reference_id": "RHSA-2025:16589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17340", "reference_id": "RHSA-2025:17340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17341", "reference_id": "RHSA-2025:17341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17342", "reference_id": "RHSA-2025:17342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17343", "reference_id": "RHSA-2025:17343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17344", "reference_id": "RHSA-2025:17344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17345", "reference_id": "RHSA-2025:17345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17346", "reference_id": "RHSA-2025:17346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17367", "reference_id": "RHSA-2025:17367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17368", "reference_id": "RHSA-2025:17368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17371", "reference_id": "RHSA-2025:17371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17372", "reference_id": "RHSA-2025:17372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17373", "reference_id": "RHSA-2025:17373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17374", "reference_id": "RHSA-2025:17374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17378", "reference_id": "RHSA-2025:17378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17453", "reference_id": "RHSA-2025:17453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17453" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502", "reference_id": "show_bug.cgi?id=1979502", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-10532" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruc1-kmaz-fkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62744?format=api", "vulnerability_id": "VCID-sgwe-9xfj-6kav", "summary": "Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12101", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12068", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12149", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12121", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12003", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12171", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442300", "reference_id": "2442300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442300" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010943", "reference_id": "show_bug.cgi?id=2010943", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2783" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgwe-9xfj-6kav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62731?format=api", "vulnerability_id": "VCID-ss9j-7jd7-nbf1", "summary": "Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03498", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03551", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.035", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03494", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442343", "reference_id": "2442343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442343" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014585", "reference_id": "show_bug.cgi?id=2014585", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2770" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9j-7jd7-nbf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=api", "vulnerability_id": "VCID-t2c3-smqc-zkba", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06481", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06468", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06445", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0627", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "reference_id": "2428969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "reference_id": "show_bug.cgi?id=1999257", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63044?format=api", "vulnerability_id": "VCID-t9cw-yjar-ckfd", "summary": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11901", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12028", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12141", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1205", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11931", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11934", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12093", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12122", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403770", "reference_id": "2403770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403770" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536", "reference_id": "show_bug.cgi?id=1979536", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11712" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9cw-yjar-ckfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62729?format=api", "vulnerability_id": "VCID-te1e-sjsk-bfd8", "summary": "Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26573", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26644", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26866", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26923", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26651", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26767", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26824", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442298", "reference_id": "2442298", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442298" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014101", "reference_id": "show_bug.cgi?id=2014101", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2768" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-te1e-sjsk-bfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63041?format=api", "vulnerability_id": "VCID-tgsj-hp8b-27f9", "summary": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08064", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08128", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08172", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08015", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0803", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08146", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08169", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403776", "reference_id": "2403776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403776" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "reference_id": "mfsa2025-81", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-82/", "reference_id": "mfsa2025-82", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-83/", "reference_id": "mfsa2025-83", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-84/", "reference_id": "mfsa2025-84", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-85/", "reference_id": "mfsa2025-85", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18154", "reference_id": "RHSA-2025:18154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18155", "reference_id": "RHSA-2025:18155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18285", "reference_id": "RHSA-2025:18285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18320", "reference_id": "RHSA-2025:18320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18321", "reference_id": "RHSA-2025:18321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18983", "reference_id": "RHSA-2025:18983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19278", "reference_id": "RHSA-2025:19278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19938", "reference_id": "RHSA-2025:19938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19939", "reference_id": "RHSA-2025:19939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19941", "reference_id": "RHSA-2025:19941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19942", "reference_id": "RHSA-2025:19942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19943", "reference_id": "RHSA-2025:19943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19944", "reference_id": "RHSA-2025:19944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19945", "reference_id": "RHSA-2025:19945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21054", "reference_id": "RHSA-2025:21054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21055", "reference_id": "RHSA-2025:21055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21056", "reference_id": "RHSA-2025:21056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21057", "reference_id": "RHSA-2025:21057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21058", "reference_id": "RHSA-2025:21058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21059", "reference_id": "RHSA-2025:21059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21064", "reference_id": "RHSA-2025:21064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978", "reference_id": "show_bug.cgi?id=1989978", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-11711" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgsj-hp8b-27f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62996?format=api", "vulnerability_id": "VCID-tkzd-c11q-3qaf", "summary": "Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13545", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1349", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13599", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420512", "reference_id": "2420512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420512" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000218", "reference_id": "show_bug.cgi?id=2000218", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000218" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14331" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkzd-c11q-3qaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62727?format=api", "vulnerability_id": "VCID-ud33-vgxh-8khj", "summary": "Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06358", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06137", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06187", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294", "reference_id": "2442294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583", "reference_id": "show_bug.cgi?id=2013583", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2766" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud33-vgxh-8khj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63015?format=api", "vulnerability_id": "VCID-ukut-zyjx-93gq", "summary": "Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11977", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12178", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12141", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1198", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12681", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16841", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16907", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17003", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16891", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26086", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414091", "reference_id": "2414091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414091" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-89/", "reference_id": "mfsa2025-89", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-89/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945", "reference_id": "show_bug.cgi?id=1991945", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13013" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukut-zyjx-93gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=api", "vulnerability_id": "VCID-vszp-vyxy-f7g7", "summary": "Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15313", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15369", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15373", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15332", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292", "reference_id": "2442292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-31/", "reference_id": "mfsa2026-31", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552", "reference_id": "show_bug.cgi?id=2009552", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552" }, { "reference_url": "https://usn.ubuntu.com/8071-1/", "reference_id": "USN-8071-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-1/" }, { "reference_url": "https://usn.ubuntu.com/8071-2/", "reference_id": "USN-8071-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2781" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62743?format=api", "vulnerability_id": "VCID-w4u8-25rz-gqeq", "summary": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15743", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15785", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15979", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15787", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15771", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15727", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15717", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15795", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15863", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442331", "reference_id": "2442331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442331" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010743", "reference_id": "show_bug.cgi?id=2010743", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2782" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4u8-25rz-gqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62721?format=api", "vulnerability_id": "VCID-wagm-cq36-k7g3", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22899", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22905", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442325", "reference_id": "2442325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442325" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011062", "reference_id": "show_bug.cgi?id=2011062", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011062" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2760" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wagm-cq36-k7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62720?format=api", "vulnerability_id": "VCID-wwdh-xmux-3qdq", "summary": "Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20428", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442307", "reference_id": "2442307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442307" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010933", "reference_id": "show_bug.cgi?id=2010933", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2010933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2759" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwdh-xmux-3qdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62745?format=api", "vulnerability_id": "VCID-wwkc-4c69-cbea", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06154", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06184", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19488", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19714", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19624", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19491", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19575", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442304", "reference_id": "2442304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442304" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012984", "reference_id": "show_bug.cgi?id=2012984", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012984" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2784" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkc-4c69-cbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63012?format=api", "vulnerability_id": "VCID-wz6r-xzm9-m7hp", "summary": "Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10112", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18708", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414092", "reference_id": "2414092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414092" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-87/", "reference_id": "mfsa2025-87", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-88/", "reference_id": "mfsa2025-88", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-90" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-90/", "reference_id": "mfsa2025-90", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-91" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-91/", "reference_id": "mfsa2025-91", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21120", "reference_id": "RHSA-2025:21120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21121", "reference_id": "RHSA-2025:21121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21280", "reference_id": "RHSA-2025:21280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21281", "reference_id": "RHSA-2025:21281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21841", "reference_id": "RHSA-2025:21841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21842", "reference_id": "RHSA-2025:21842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21843", "reference_id": "RHSA-2025:21843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21844", "reference_id": "RHSA-2025:21844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21881", "reference_id": "RHSA-2025:21881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22363", "reference_id": "RHSA-2025:22363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22367", "reference_id": "RHSA-2025:22367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22368", "reference_id": "RHSA-2025:22368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22369", "reference_id": "RHSA-2025:22369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22371", "reference_id": "RHSA-2025:22371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22372", "reference_id": "RHSA-2025:22372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22373", "reference_id": "RHSA-2025:22373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22374", "reference_id": "RHSA-2025:22374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22375", "reference_id": "RHSA-2025:22375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22449", "reference_id": "RHSA-2025:22449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22450", "reference_id": "RHSA-2025:22450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22451", "reference_id": "RHSA-2025:22451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22791", "reference_id": "RHSA-2025:22791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22792", "reference_id": "RHSA-2025:22792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22882", "reference_id": "RHSA-2025:22882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22883", "reference_id": "RHSA-2025:22883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22883" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904", "reference_id": "show_bug.cgi?id=1980904", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-13017" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz6r-xzm9-m7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62733?format=api", "vulnerability_id": "VCID-xcbn-tkgg-4ben", "summary": "Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04801", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04886", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04874", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04836", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442326", "reference_id": "2442326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442326" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-14/", "reference_id": "mfsa2026-14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014827", "reference_id": "show_bug.cgi?id=2014827", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-2772" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcbn-tkgg-4ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62991?format=api", "vulnerability_id": "VCID-xghm-4ygw-tkb2", "summary": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26433", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26492", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26595", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420517", "reference_id": "2420517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420517" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-93/", "reference_id": "mfsa2025-93", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-93/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "reference_id": "mfsa2025-94", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "reference_id": "mfsa2025-96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23034", "reference_id": "RHSA-2025:23034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23035", "reference_id": "RHSA-2025:23035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23128", "reference_id": "RHSA-2025:23128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23856", "reference_id": "RHSA-2025:23856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0003", "reference_id": "RHSA-2026:0003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0004", "reference_id": "RHSA-2026:0004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0005", "reference_id": "RHSA-2026:0005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0006", "reference_id": "RHSA-2026:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0007", "reference_id": "RHSA-2026:0007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0013", "reference_id": "RHSA-2026:0013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0014", "reference_id": "RHSA-2026:0014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0015", "reference_id": "RHSA-2026:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0016", "reference_id": "RHSA-2026:0016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0017", "reference_id": "RHSA-2026:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0018", "reference_id": "RHSA-2026:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0019", "reference_id": "RHSA-2026:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0020", "reference_id": "RHSA-2026:0020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0021", "reference_id": "RHSA-2026:0021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0022", "reference_id": "RHSA-2026:0022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0023", "reference_id": "RHSA-2026:0023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0024", "reference_id": "RHSA-2026:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0025", "reference_id": "RHSA-2026:0025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0026", "reference_id": "RHSA-2026:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0124", "reference_id": "RHSA-2026:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0127", "reference_id": "RHSA-2026:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0127" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996840", "reference_id": "show_bug.cgi?id=1996840", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996840" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2025-14324" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xghm-4ygw-tkb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=api", "vulnerability_id": "VCID-zdxh-fp2e-47dd", "summary": "Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03207", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03034", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "reference_id": "2428968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340", "reference_id": "show_bug.cgi?id=1989340", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049373?format=api", "purl": "pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13he-qsr4-h3d4" }, { "vulnerability": "VCID-1fv1-edht-ufag" }, { "vulnerability": "VCID-23eu-22t2-cydd" }, { "vulnerability": "VCID-26d3-ctnj-7kbh" }, { "vulnerability": "VCID-289s-f2w6-53g9" }, { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-351y-4nek-u3aw" }, { "vulnerability": "VCID-3grf-hwk1-3fh8" }, { "vulnerability": "VCID-3kd3-hwzv-efbn" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-3xgu-7evz-mffw" }, { "vulnerability": "VCID-4q6w-tdk9-d3an" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-646f-ndeq-5bee" }, { "vulnerability": "VCID-675n-7uzz-pqdj" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-8qyy-e4jt-rbc4" }, { "vulnerability": "VCID-8vka-qus2-tbhj" }, { "vulnerability": "VCID-8xek-k5y2-6bfp" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-b4bq-q3ga-3ff1" }, { "vulnerability": "VCID-b6sf-z5tm-4uau" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-e2k8-m9sm-8uek" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-ft6u-geds-fua9" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-gkva-6cu9-7keg" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-hshc-4xnc-gug4" }, { "vulnerability": "VCID-hstd-23qm-bqdg" }, { "vulnerability": "VCID-j1hb-8jjy-tqgq" }, { "vulnerability": "VCID-kuwd-6tcg-fuha" }, { "vulnerability": "VCID-m6uv-91wz-xfdv" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-mm6w-kpe8-4kg3" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nvsz-9s3r-nbhq" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" }, { "vulnerability": "VCID-qkks-24cp-gqg2" }, { "vulnerability": "VCID-rp5h-ym8y-skbw" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-t4t3-5pt5-ayds" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-u3j3-fc4f-7ff7" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-wmyy-2cg3-wyhc" }, { "vulnerability": "VCID-wqw2-gjvu-6qbu" }, { "vulnerability": "VCID-wvx2-pba2-sqha" }, { "vulnerability": "VCID-yjc2-2whn-uug5" }, { "vulnerability": "VCID-ymak-rv52-h7a5" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" } ], "aliases": [ "CVE-2026-0883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1" }