Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/131264?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "thunderbird", "version": "1:91.11.0-1~deb11u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:91.11.0-1", "latest_non_vulnerable_version": "1:140.11.0esr-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1723?format=api", "vulnerability_id": "VCID-1nmu-sdab-2yhh", "summary": "If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06199", "scoring_system": "epss", "scoring_elements": "0.91036", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06199", "scoring_system": "epss", "scoring_elements": "0.91022", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102168", "reference_id": "2102168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102168" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1771381", "reference_id": "show_bug.cgi?id=1771381", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1771381" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2200" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nmu-sdab-2yhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1721?format=api", "vulnerability_id": "VCID-3xnh-sesb-bfbv", "summary": "If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34472.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.6429", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64246", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102166", "reference_id": "2102166", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102166" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770123", "reference_id": "show_bug.cgi?id=1770123", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770123" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xnh-sesb-bfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1717?format=api", "vulnerability_id": "VCID-6yc1-jutk-1fcz", "summary": "Session history navigations may have led to a use-after-free and potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34470.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71118", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71076", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102162", "reference_id": "2102162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102162" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765951", "reference_id": "show_bug.cgi?id=1765951", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765951" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34470" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yc1-jutk-1fcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1724?format=api", "vulnerability_id": "VCID-8th2-q8wd-tyec", "summary": "The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51638", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51578", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102169", "reference_id": "2102169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102169" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651", "reference_id": "buglist.cgi?bug_id=1763634%2C1772651", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34484" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8th2-q8wd-tyec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1719?format=api", "vulnerability_id": "VCID-ceu2-6hth-pqhp", "summary": "In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43748", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43678", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102164", "reference_id": "2102164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102164" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1497246", "reference_id": "show_bug.cgi?id=1497246", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1497246" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34481" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceu2-6hth-pqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1720?format=api", "vulnerability_id": "VCID-dgm8-wwst-kbe2", "summary": "An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20546", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102165", "reference_id": "2102165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102165" }, { "reference_url": "https://security.archlinux.org/AVG-2760", "reference_id": "AVG-2760", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2760" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-20", "reference_id": "mfsa2022-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-20" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-20/", "reference_id": "mfsa2022-20", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:28:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-20/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:28:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:28:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1757604", "reference_id": "show_bug.cgi?id=1757604", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:28:40Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1757604" }, { "reference_url": "https://usn.ubuntu.com/5475-1/", "reference_id": "USN-5475-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5475-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31744" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgm8-wwst-kbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1770?format=api", "vulnerability_id": "VCID-et8w-z5dr-ryaz", "summary": "An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2226.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41105", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102204", "reference_id": "2102204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102204" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:00:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1775441", "reference_id": "show_bug.cgi?id=1775441", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:00:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1775441" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2226" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-et8w-z5dr-ryaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1716?format=api", "vulnerability_id": "VCID-u2rj-qhkw-uqgf", "summary": "A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Linux. Other operating systems are unaffected.*", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65147", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65105", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102161", "reference_id": "2102161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102161" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745595", "reference_id": "show_bug.cgi?id=1745595", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745595" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34479" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2rj-qhkw-uqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1718?format=api", "vulnerability_id": "VCID-vgjr-7typ-j7dm", "summary": "An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6731", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67269", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102163", "reference_id": "2102163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102163" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "reference_id": "mfsa2022-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-24/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-25/", "reference_id": "mfsa2022-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-26/", "reference_id": "mfsa2022-26", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-26/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5469", "reference_id": "RHSA-2022:5469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5470", "reference_id": "RHSA-2022:5470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5472", "reference_id": "RHSA-2022:5472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5473", "reference_id": "RHSA-2022:5473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5474", "reference_id": "RHSA-2022:5474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5475", "reference_id": "RHSA-2022:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5477", "reference_id": "RHSA-2022:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5478", "reference_id": "RHSA-2022:5478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5479", "reference_id": "RHSA-2022:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5480", "reference_id": "RHSA-2022:5480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5481", "reference_id": "RHSA-2022:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5482", "reference_id": "RHSA-2022:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5482" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1768537", "reference_id": "show_bug.cgi?id=1768537", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1768537" }, { "reference_url": "https://usn.ubuntu.com/5504-1/", "reference_id": "USN-5504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5504-1/" }, { "reference_url": "https://usn.ubuntu.com/5512-1/", "reference_id": "USN-5512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/131264?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/131263?format=api", "purl": "pkg:deb/debian/thunderbird@1:91.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-34468" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgjr-7typ-j7dm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.11.0-1~deb11u1%3Fdistro=trixie" }