Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/177673?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/177673?format=api", "purl": "pkg:rpm/redhat/thunderbird@24.2.0-1?arch=el6_5", "type": "rpm", "namespace": "redhat", "name": "thunderbird", "version": "24.2.0-1", "qualifiers": { "arch": "el6_5" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2074?format=api", "vulnerability_id": "VCID-4gbc-6zrz-dfb8", "summary": "Mozilla security developer Daniel Veditz discovered that\n<iframe sandbox> restrictions are not applied to an\n<object> element contained within a sandboxed iframe. This\ncould allow content hosted within a sandboxed iframe to use\n<object> element to bypass the sandbox restrictions that\nshould be applied.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5614.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51545", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51605", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039421", "reference_id": "1039421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614", "reference_id": "CVE-2013-5614", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-107", "reference_id": "mfsa2013-107", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5614" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gbc-6zrz-dfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2058?format=api", "vulnerability_id": "VCID-5jeg-ytzh-rff7", "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a user-after-free in\nthe functions for synthetic mouse movement handling. Security researcher\nAtte Kettunen from OUSPG also reported a variant of the same\nflaw. This issue leads to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5613.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11056", "scoring_system": "epss", "scoring_elements": "0.93586", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11056", "scoring_system": "epss", "scoring_elements": "0.93597", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5613" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039429", "reference_id": "1039429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613", "reference_id": "CVE-2013-5613", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-114", "reference_id": "mfsa2013-114", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-114" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5613" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jeg-ytzh-rff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2064?format=api", "vulnerability_id": "VCID-7n14-qc7w-23f8", "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a mechanism where\ninserting an ordered list into a document through script could lead to a\npotentially exploitable crash that can be triggered by web content. \nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6671.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6671.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10399", "scoring_system": "epss", "scoring_elements": "0.93347", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10399", "scoring_system": "epss", "scoring_elements": "0.93358", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6671" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039426", "reference_id": "1039426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671", "reference_id": "CVE-2013-6671", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-111", "reference_id": "mfsa2013-111", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-6671" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7n14-qc7w-23f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2767?format=api", "vulnerability_id": "VCID-b1wu-yyef-gfa3", "summary": "Security researcher Fabián Cuchietti discovered that\nit was possible to bypass the restriction on JavaScript execution in mail by\nembedding an <iframe> with a data: URL within a message. If the victim\nreplied or forwarded the mail after receiving it, quoting it \"in-line\"\nusing Thunderbird's HTML mail editor, it would run the attached script. The\nrunning script would be restricted to the mail composition window where it could\nobserve and potentially modify the content of the mail before it was sent.\nScripts were not executed if the recipient merely viewed the mail, only if it\nwas edited as HTML. Turning off HTML composition prevented the vulnerability and\nforwarding the mail \"as attachment\" prevented the forwarding\nvariant.Ateeq ur Rehman Khan of Vulnerability Labs reported\nadditional variants of this attack involving the use of the <object> tag\nand which could be used to attach object data types such as images, audio, or\nvideo.This affected the Thunderbird 17 branch. It was fixed in all\nversions based on Gecko 23 or later. Thunderbird 24 and later are not affected\nby this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6674.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47529", "scoring_system": "epss", "scoring_elements": "0.97758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.47529", "scoring_system": "epss", "scoring_elements": "0.97761", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063120", "reference_id": "1063120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6674", "reference_id": "CVE-2013-6674", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6674" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31223.txt", "reference_id": "CVE-2013-6674;OSVDB-102566", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31223.txt" }, { "reference_url": "https://www.vulnerability-lab.com/get_content.php?id=953", "reference_id": "CVE-2013-6674;OSVDB-102566", "reference_type": "exploit", "scores": [], "url": "https://www.vulnerability-lab.com/get_content.php?id=953" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-14", "reference_id": "mfsa2014-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2119-1/", "reference_id": "USN-2119-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2119-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-6674" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1wu-yyef-gfa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2129?format=api", "vulnerability_id": "VCID-bpzv-nc7w-skc1", "summary": "Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover a use-after-free problem in the table editing user\ninterface of the editor during garbage collection. This leads to a potentially\nexploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5618.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10378", "scoring_system": "epss", "scoring_elements": "0.9334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10378", "scoring_system": "epss", "scoring_elements": "0.93351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5618" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039423", "reference_id": "1039423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618", "reference_id": "CVE-2013-5618", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-109", "reference_id": "mfsa2013-109", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5618" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzv-nc7w-skc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1996?format=api", "vulnerability_id": "VCID-c66d-1g74-jqa6", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found an out-of-bounds read while rendering GIF\nformat images. This could cause a non-exploitable crash and could also attempt\nto render normally inaccessible data as part of the image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01287", "scoring_system": "epss", "scoring_elements": "0.79981", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01287", "scoring_system": "epss", "scoring_elements": "0.80006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=911840", "reference_id": "911840", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772", "reference_id": "CVE-2013-0772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772" }, { "reference_url": "https://security.gentoo.org/glsa/201309-23", "reference_id": "GLSA-201309-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-22", "reference_id": "mfsa2013-22", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/1729-1/", "reference_id": "USN-1729-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1729-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0772" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c66d-1g74-jqa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2002?format=api", "vulnerability_id": "VCID-qtvy-hphf-w3fg", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5609.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5609.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02752", "scoring_system": "epss", "scoring_elements": "0.86277", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02752", "scoring_system": "epss", "scoring_elements": "0.86298", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039417", "reference_id": "1039417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609", "reference_id": "CVE-2013-5609", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-104", "reference_id": "mfsa2013-104", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5609" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtvy-hphf-w3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2070?format=api", "vulnerability_id": "VCID-tzau-6ftq-qfh8", "summary": "Security researcher Masato Kinugawa discovered that if a web\npage is missing character set encoding information it can inherit character\nencodings across navigations into another domain from an earlier site. Only\nsame-origin inheritance is allowed according to the HTML5 specification. This\nissue allows an attacker to add content that will be interpreted one way on the\nvictim site, but which may then behave differently, evading cross-site scripting\n(XSS) filtering, when forced into an unexpected character set. Web site authors\nshould always explicitly declare a character encoding to avoid similar issues.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5612.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.73276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.73312", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5612" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039420", "reference_id": "1039420", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612", "reference_id": "CVE-2013-5612", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-106", "reference_id": "mfsa2013-106", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5612" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzau-6ftq-qfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2121?format=api", "vulnerability_id": "VCID-vbnf-8wtz-8be5", "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a user-after-free when\ninteracting with event listeners from the mListeners array. This\nleads to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5616.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02874", "scoring_system": "epss", "scoring_elements": "0.86545", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02874", "scoring_system": "epss", "scoring_elements": "0.86568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5616" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039422", "reference_id": "1039422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616", "reference_id": "CVE-2013-5616", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-108", "reference_id": "mfsa2013-108", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1812", "reference_id": "RHSA-2013:1812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1823", "reference_id": "RHSA-2013:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1823" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-5616" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbnf-8wtz-8be5" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@24.2.0-1%3Farch=el6_5" }