Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie

Type deb

Namespace debian

Name thunderbird

Version 1:140.9.1esr-1~deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:140.9.1esr-1~deb13u1

Latest_non_vulnerable_version 1:140.11.0esr-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3wkz-pa84-v3hm

vulnerability_id VCID-3wkz-pa84-v3hm

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5732

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14579
published_at	2026-06-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14619
published_at	2026-06-06T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14616
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5732

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2455908
reference_id	2455908
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2455908

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_id

mfsa2026-25

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_id

mfsa2026-25

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_id

mfsa2026-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_id

mfsa2026-27

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_id

mfsa2026-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_id

mfsa2026-28

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_id

mfsa2026-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_id

mfsa2026-29

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_url	https://access.redhat.com/errata/RHSA-2026:11805
reference_id	RHSA-2026:11805
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11805

reference_url	https://access.redhat.com/errata/RHSA-2026:11813
reference_id	RHSA-2026:11813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11813

reference_url	https://access.redhat.com/errata/RHSA-2026:12264
reference_id	RHSA-2026:12264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12264

reference_url	https://access.redhat.com/errata/RHSA-2026:13342
reference_id	RHSA-2026:13342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13342

reference_url	https://access.redhat.com/errata/RHSA-2026:13412
reference_id	RHSA-2026:13412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13412

reference_url	https://access.redhat.com/errata/RHSA-2026:13533
reference_id	RHSA-2026:13533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13533

reference_url	https://access.redhat.com/errata/RHSA-2026:13582
reference_id	RHSA-2026:13582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13582

reference_url	https://access.redhat.com/errata/RHSA-2026:13583
reference_id	RHSA-2026:13583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13583

reference_url	https://access.redhat.com/errata/RHSA-2026:13596
reference_id	RHSA-2026:13596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13596

reference_url	https://access.redhat.com/errata/RHSA-2026:13600
reference_id	RHSA-2026:13600
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13600

reference_url	https://access.redhat.com/errata/RHSA-2026:13665
reference_id	RHSA-2026:13665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13665

reference_url	https://access.redhat.com/errata/RHSA-2026:13682
reference_id	RHSA-2026:13682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13682

reference_url	https://access.redhat.com/errata/RHSA-2026:13683
reference_id	RHSA-2026:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13683

reference_url	https://access.redhat.com/errata/RHSA-2026:13922
reference_id	RHSA-2026:13922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13922

reference_url	https://access.redhat.com/errata/RHSA-2026:13977
reference_id	RHSA-2026:13977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13977

reference_url	https://access.redhat.com/errata/RHSA-2026:14223
reference_id	RHSA-2026:14223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14223

reference_url	https://access.redhat.com/errata/RHSA-2026:14303
reference_id	RHSA-2026:14303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14303

reference_url	https://access.redhat.com/errata/RHSA-2026:15889
reference_id	RHSA-2026:15889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15889

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=2017867

reference_id

show_bug.cgi?id=2017867

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=2017867

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie

aliases CVE-2026-5732

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wkz-pa84-v3hm

url VCID-ty3k-pg97-7ff9

vulnerability_id VCID-ty3k-pg97-7ff9

summary Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5734

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20326
published_at	2026-06-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20365
published_at	2026-06-06T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20374
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2455897
reference_id	2455897
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2455897

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505

reference_id

buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_id

mfsa2026-25

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_id

mfsa2026-25

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_id

mfsa2026-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_id

mfsa2026-27

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_id

mfsa2026-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_id

mfsa2026-28

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_id

mfsa2026-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_id

mfsa2026-29

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_url	https://access.redhat.com/errata/RHSA-2026:11805
reference_id	RHSA-2026:11805
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11805

reference_url	https://access.redhat.com/errata/RHSA-2026:11813
reference_id	RHSA-2026:11813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11813

reference_url	https://access.redhat.com/errata/RHSA-2026:12264
reference_id	RHSA-2026:12264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12264

reference_url	https://access.redhat.com/errata/RHSA-2026:13342
reference_id	RHSA-2026:13342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13342

reference_url	https://access.redhat.com/errata/RHSA-2026:13412
reference_id	RHSA-2026:13412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13412

reference_url	https://access.redhat.com/errata/RHSA-2026:13533
reference_id	RHSA-2026:13533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13533

reference_url	https://access.redhat.com/errata/RHSA-2026:13582
reference_id	RHSA-2026:13582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13582

reference_url	https://access.redhat.com/errata/RHSA-2026:13583
reference_id	RHSA-2026:13583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13583

reference_url	https://access.redhat.com/errata/RHSA-2026:13596
reference_id	RHSA-2026:13596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13596

reference_url	https://access.redhat.com/errata/RHSA-2026:13600
reference_id	RHSA-2026:13600
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13600

reference_url	https://access.redhat.com/errata/RHSA-2026:13665
reference_id	RHSA-2026:13665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13665

reference_url	https://access.redhat.com/errata/RHSA-2026:13682
reference_id	RHSA-2026:13682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13682

reference_url	https://access.redhat.com/errata/RHSA-2026:13683
reference_id	RHSA-2026:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13683

reference_url	https://access.redhat.com/errata/RHSA-2026:13922
reference_id	RHSA-2026:13922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13922

reference_url	https://access.redhat.com/errata/RHSA-2026:13977
reference_id	RHSA-2026:13977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13977

reference_url	https://access.redhat.com/errata/RHSA-2026:14223
reference_id	RHSA-2026:14223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14223

reference_url	https://access.redhat.com/errata/RHSA-2026:14303
reference_id	RHSA-2026:14303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14303

reference_url	https://access.redhat.com/errata/RHSA-2026:15889
reference_id	RHSA-2026:15889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15889

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie

aliases CVE-2026-5734

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty3k-pg97-7ff9

url VCID-waeb-qs91-4kbt

vulnerability_id VCID-waeb-qs91-4kbt

summary Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5731

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21811
published_at	2026-06-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21857
published_at	2026-06-06T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21869
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5731

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2455901
reference_id	2455901
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2455901

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_id

mfsa2026-25

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_id

mfsa2026-25

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-25/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-26

reference_id

mfsa2026-26

reference_type

scores

value	low
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-26

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-26/

reference_id

mfsa2026-26

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-26/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_id

mfsa2026-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_id

mfsa2026-27

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-27/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_id

mfsa2026-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_id

mfsa2026-28

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_id

mfsa2026-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_id

mfsa2026-29

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2026-29/

reference_url	https://access.redhat.com/errata/RHSA-2026:11805
reference_id	RHSA-2026:11805
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11805

reference_url	https://access.redhat.com/errata/RHSA-2026:11813
reference_id	RHSA-2026:11813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11813

reference_url	https://access.redhat.com/errata/RHSA-2026:12264
reference_id	RHSA-2026:12264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12264

reference_url	https://access.redhat.com/errata/RHSA-2026:13342
reference_id	RHSA-2026:13342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13342

reference_url	https://access.redhat.com/errata/RHSA-2026:13412
reference_id	RHSA-2026:13412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13412

reference_url	https://access.redhat.com/errata/RHSA-2026:13533
reference_id	RHSA-2026:13533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13533

reference_url	https://access.redhat.com/errata/RHSA-2026:13582
reference_id	RHSA-2026:13582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13582

reference_url	https://access.redhat.com/errata/RHSA-2026:13583
reference_id	RHSA-2026:13583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13583

reference_url	https://access.redhat.com/errata/RHSA-2026:13596
reference_id	RHSA-2026:13596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13596

reference_url	https://access.redhat.com/errata/RHSA-2026:13600
reference_id	RHSA-2026:13600
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13600

reference_url	https://access.redhat.com/errata/RHSA-2026:13665
reference_id	RHSA-2026:13665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13665

reference_url	https://access.redhat.com/errata/RHSA-2026:13682
reference_id	RHSA-2026:13682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13682

reference_url	https://access.redhat.com/errata/RHSA-2026:13683
reference_id	RHSA-2026:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13683

reference_url	https://access.redhat.com/errata/RHSA-2026:13922
reference_id	RHSA-2026:13922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13922

reference_url	https://access.redhat.com/errata/RHSA-2026:13977
reference_id	RHSA-2026:13977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13977

reference_url	https://access.redhat.com/errata/RHSA-2026:14223
reference_id	RHSA-2026:14223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14223

reference_url	https://access.redhat.com/errata/RHSA-2026:14303
reference_id	RHSA-2026:14303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14303

reference_url	https://access.redhat.com/errata/RHSA-2026:15889
reference_id	RHSA-2026:15889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15889

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie

aliases CVE-2026-5731

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-waeb-qs91-4kbt

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1%3Fdistro=trixie

Package Instance