Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/132012?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "thunderbird", "version": "1:140.11.0esr-1~deb13u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:140.11.0esr-1", "latest_non_vulnerable_version": "1:140.11.0esr-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/367?format=api", "vulnerability_id": "VCID-11ng-ds1t-ybdy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8946.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15748", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15758", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8946" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479849", "reference_id": "2479849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479849" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029070", "reference_id": "show_bug.cgi?id=2029070", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8946" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11ng-ds1t-ybdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/371?format=api", "vulnerability_id": "VCID-1sgn-41vs-efcy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24543", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24553", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476492", "reference_id": "2476492", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476492" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-45/", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679", "reference_id": "show_bug.cgi?id=2038679", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8401" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sgn-41vs-efcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/385?format=api", "vulnerability_id": "VCID-5fc5-xu9y-ekca", "summary": "Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8974.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14366", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14368", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479855", "reference_id": "2479855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479855" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8974" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5fc5-xu9y-ekca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/373?format=api", "vulnerability_id": "VCID-5h7s-sfrz-eye3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05084", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05099", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479853", "reference_id": "2479853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479853" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965430", "reference_id": "show_bug.cgi?id=1965430", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8950" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h7s-sfrz-eye3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/375?format=api", "vulnerability_id": "VCID-e6ek-fjxf-subv", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8954.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14079", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14081", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479847", "reference_id": "2479847", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479847" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030747", "reference_id": "show_bug.cgi?id=2030747", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030747" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8954" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ek-fjxf-subv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/379?format=api", "vulnerability_id": "VCID-fbuu-t3mf-cfeg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8958.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18366", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18363", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8958" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479848", "reference_id": "2479848", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479848" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034713", "reference_id": "show_bug.cgi?id=2034713", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8958" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbuu-t3mf-cfeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/369?format=api", "vulnerability_id": "VCID-fhmv-bse8-abaw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8947.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20297", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20308", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8947" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479873", "reference_id": "2479873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479873" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038439", "reference_id": "show_bug.cgi?id=2038439", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038439" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8947" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhmv-bse8-abaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/376?format=api", "vulnerability_id": "VCID-g339-cuzq-ffh1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8955.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13908", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479842", "reference_id": "2479842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479842" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2031064", "reference_id": "show_bug.cgi?id=2031064", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2031064" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8955" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g339-cuzq-ffh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/368?format=api", "vulnerability_id": "VCID-hjh5-utas-ekb9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13575", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1357", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476469", "reference_id": "2476469", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476469" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-45/", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2036978", "reference_id": "show_bug.cgi?id=2036978", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2036978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8388" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjh5-utas-ekb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/377?format=api", "vulnerability_id": "VCID-rne7-tu7d-v7e9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8956.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20099", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20105", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479839", "reference_id": "2479839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479839" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032427", "reference_id": "show_bug.cgi?id=2032427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032427" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8956" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rne7-tu7d-v7e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/384?format=api", "vulnerability_id": "VCID-tqws-w9ga-gqew", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8970.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13908", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479852", "reference_id": "2479852", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479852" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032174", "reference_id": "show_bug.cgi?id=2032174", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032174" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8970" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqws-w9ga-gqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/386?format=api", "vulnerability_id": "VCID-tuxm-fxt8-vbee", "summary": "Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14692", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14686", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479840", "reference_id": "2479840", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479840" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669", "reference_id": "buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8975" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuxm-fxt8-vbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/374?format=api", "vulnerability_id": "VCID-tzqv-xgdb-efa1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8953.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14686", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14692", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479860", "reference_id": "2479860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479860" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029511", "reference_id": "show_bug.cgi?id=2029511", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8953" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzqv-xgdb-efa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/378?format=api", "vulnerability_id": "VCID-uncq-bg36-3yfe", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8957.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13908", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8957" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479880", "reference_id": "2479880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479880" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2033850", "reference_id": "show_bug.cgi?id=2033850", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2033850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8957" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uncq-bg36-3yfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/382?format=api", "vulnerability_id": "VCID-vseb-hh7u-1fc5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15211", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15221", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479876", "reference_id": "2479876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479876" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004804", "reference_id": "show_bug.cgi?id=2004804", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8962" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vseb-hh7u-1fc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/370?format=api", "vulnerability_id": "VCID-w8ts-g59t-z3d7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8391.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28818", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28853", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476475", "reference_id": "2476475", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476475" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-45/", "reference_id": "mfsa2026-45", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "reference_id": "mfsa2026-47", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038575", "reference_id": "show_bug.cgi?id=2038575", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8391" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ts-g59t-z3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/381?format=api", "vulnerability_id": "VCID-z1zg-s87s-fkdu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10613", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479871", "reference_id": "2479871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479871" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1962625", "reference_id": "show_bug.cgi?id=1962625", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1962625" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8961" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1zg-s87s-fkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/383?format=api", "vulnerability_id": "VCID-z8mw-3stk-vbdg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8968.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19518", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19523", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479846", "reference_id": "2479846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479846" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "reference_id": "mfsa2026-46", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "reference_id": "mfsa2026-48", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "reference_id": "mfsa2026-50", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "reference_id": "mfsa2026-51", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21378", "reference_id": "RHSA-2026:21378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21380", "reference_id": "RHSA-2026:21380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21381", "reference_id": "RHSA-2026:21381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21382", "reference_id": "RHSA-2026:21382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22325", "reference_id": "RHSA-2026:22325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22643", "reference_id": "RHSA-2026:22643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22643" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030467", "reference_id": "show_bug.cgi?id=2030467", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130941?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130939?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130943?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/132012?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130942?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-8968" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8mw-3stk-vbdg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie" }