Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1724?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1724?format=api", "purl": "pkg:alpm/archlinux/firefox@64.0.2-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "64.0.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "65.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1640?format=api", "vulnerability_id": "VCID-fgb7-rh62-xkg4", "summary": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.35406", "scoring_system": "epss", "scoring_elements": "0.97143", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670631", "reference_id": "1670631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670631" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://security.gentoo.org/glsa/201903-04", "reference_id": "GLSA-201903-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-04" }, { "reference_url": "https://security.gentoo.org/glsa/201904-07", "reference_id": "GLSA-201904-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02", "reference_id": "mfsa2019-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03", "reference_id": "mfsa2019-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0218", "reference_id": "RHSA-2019:0218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0219", "reference_id": "RHSA-2019:0219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0269", "reference_id": "RHSA-2019:0269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0270", "reference_id": "RHSA-2019:0270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0270" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18500" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgb7-rh62-xkg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1644?format=api", "vulnerability_id": "VCID-fvh9-g91r-ekfw", "summary": "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01107", "scoring_system": "epss", "scoring_elements": "0.78448", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690673", "reference_id": "1690673", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690673" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://security.gentoo.org/glsa/201904-07", "reference_id": "GLSA-201904-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-08", "reference_id": "mfsa2019-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-11", "reference_id": "mfsa2019-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0622", "reference_id": "RHSA-2019:0622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0623", "reference_id": "RHSA-2019:0623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0680", "reference_id": "RHSA-2019:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0681", "reference_id": "RHSA-2019:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0966", "reference_id": "RHSA-2019:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1144", "reference_id": "RHSA-2019:1144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18506" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvh9-g91r-ekfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1643?format=api", "vulnerability_id": "VCID-jwtr-nz8r-uffb", "summary": "When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.82222", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18503" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18503" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwtr-nz8r-uffb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1645?format=api", "vulnerability_id": "VCID-rzzn-69ne-nkh8", "summary": "Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0322", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18502" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzzn-69ne-nkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1642?format=api", "vulnerability_id": "VCID-s5tu-sfkg-uyg6", "summary": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02044", "scoring_system": "epss", "scoring_elements": "0.84165", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670633", "reference_id": "1670633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670633" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://security.gentoo.org/glsa/201903-04", "reference_id": "GLSA-201903-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-04" }, { "reference_url": "https://security.gentoo.org/glsa/201904-07", "reference_id": "GLSA-201904-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02", "reference_id": "mfsa2019-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03", "reference_id": "mfsa2019-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0218", "reference_id": "RHSA-2019:0218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0219", "reference_id": "RHSA-2019:0219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0269", "reference_id": "RHSA-2019:0269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0270", "reference_id": "RHSA-2019:0270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0270" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18505" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5tu-sfkg-uyg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1641?format=api", "vulnerability_id": "VCID-t3qx-y3m5-mbes", "summary": "A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02225", "scoring_system": "epss", "scoring_elements": "0.84819", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18504" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3qx-y3m5-mbes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1646?format=api", "vulnerability_id": "VCID-u2cf-d5ph-m7as", "summary": "Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05486", "scoring_system": "epss", "scoring_elements": "0.90375", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670632", "reference_id": "1670632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670632" }, { "reference_url": "https://security.archlinux.org/ASA-201902-2", "reference_id": "ASA-201902-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-2" }, { "reference_url": "https://security.archlinux.org/AVG-862", "reference_id": "AVG-862", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-862" }, { "reference_url": "https://security.gentoo.org/glsa/201903-04", "reference_id": "GLSA-201903-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-04" }, { "reference_url": "https://security.gentoo.org/glsa/201904-07", "reference_id": "GLSA-201904-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01", "reference_id": "mfsa2019-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02", "reference_id": "mfsa2019-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03", "reference_id": "mfsa2019-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0218", "reference_id": "RHSA-2019:0218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0219", "reference_id": "RHSA-2019:0219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0269", "reference_id": "RHSA-2019:0269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0270", "reference_id": "RHSA-2019:0270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0270" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1" } ], "aliases": [ "CVE-2018-18501" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cf-d5ph-m7as" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0.2-1" }