Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/193020?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "type": "ebuild", "namespace": "mail-client", "name": "mozilla-thunderbird", "version": "2.0.0.14", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.0.16", "latest_non_vulnerable_version": "10.0.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2429?format=api", "vulnerability_id": "VCID-1uca-wctd-xqc6", "summary": "Mozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of\nthese crashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that\nfor some of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1237.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31817", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31817", "scoring_system": "epss", "scoring_elements": "0.96903", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1237" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438721", "reference_id": "438721", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237", "reference_id": "CVE-2008-1237", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-15", "reference_id": "mfsa2008-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-20", "reference_id": "mfsa2008-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" }, { "reference_url": "https://usn.ubuntu.com/605-1/", "reference_id": "USN-605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1237" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uca-wctd-xqc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2472?format=api", "vulnerability_id": "VCID-27wg-hjuj-bqa7", "summary": "Security research firm iDefense reported that researcher\nregenrecht discovered a heap-based\nbuffer overflow vulnerability in Mozilla mail code which could potentially\nallow an attacker to run arbitrary code. The vulnerability is caused by\nallocating a buffer that can be three bytes too small in certain cases\nwhen viewing an email message with an external MIME body.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0304.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31809", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31809", "scoring_system": "epss", "scoring_elements": "0.96901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=435123", "reference_id": "435123", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=435123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304", "reference_id": "CVE-2008-0304", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-12", "reference_id": "mfsa2008-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0304" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27wg-hjuj-bqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2485?format=api", "vulnerability_id": "VCID-2dyf-9tzk-1ucm", "summary": "Mozilla contributor David Bloom reported a\nvulnerability in the way images are treated by the browser when a\nuser leaves a page which utilizes designMode frames.\nThe reported issue can be used to steal a user's navigation history,\nforward navigation information, and crash the user's browser.\nThe crash showed evidence of memory corruption and might be exploitable\nto run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0419.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18686", "scoring_system": "epss", "scoring_elements": "0.954", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.18686", "scoring_system": "epss", "scoring_elements": "0.95408", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431749", "reference_id": "431749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419", "reference_id": "CVE-2008-0419", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-06", "reference_id": "mfsa2008-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0419" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dyf-9tzk-1ucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2495?format=api", "vulnerability_id": "VCID-359y-hcyn-x3ck", "summary": "Security researcher Gregory Fleischer demonstrated that\nweb content fetched via the jar: protocol can use Java via\nLiveConnect to open socket connections to arbitrary ports on the user's machine\n(\"localhost\"). The issue is caused by improper parsing of the content origin\npassed from the browser to the Java plugin. Such content was incorrectly\nevaluated to have a null host, assumed to be a local file, and was\nsubsequently allowed permission to connect to the localhost. Sun has updated\nthe Java Runtime Environment with a fix for this problem. Mozilla has also\nadded a fix to LiveConnect to protect users who don't have the latest version\nof Java.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04851", "scoring_system": "epss", "scoring_elements": "0.89724", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04851", "scoring_system": "epss", "scoring_elements": "0.8974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240", "reference_id": "CVE-2008-1240", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-18", "reference_id": "mfsa2008-18", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-18" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1240" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-359y-hcyn-x3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2454?format=api", "vulnerability_id": "VCID-38nf-qree-mya5", "summary": "Security researchers Emil Ljungdahl and\nLars-Olof Moilanen demonstrated that, in cases where\nthe entire contents of a page are enclosed in a <div> with\nabsolute positioning, a web forgery warning dialog won't be displayed\nunless the user switches tabs away-from then back-to the forgery page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0594.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.83175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.83201", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0594" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=432036", "reference_id": "432036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594", "reference_id": "CVE-2008-0594", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-11", "reference_id": "mfsa2008-11", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-11" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0594" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38nf-qree-mya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2428?format=api", "vulnerability_id": "VCID-4awt-7sff-v3dk", "summary": "Mozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of\nthese crashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that\nfor some of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1236.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31817", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31817", "scoring_system": "epss", "scoring_elements": "0.96903", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1236" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438718", "reference_id": "438718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236", "reference_id": "CVE-2008-1236", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-15", "reference_id": "mfsa2008-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" }, { "reference_url": "https://usn.ubuntu.com/605-1/", "reference_id": "USN-605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1236" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4awt-7sff-v3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2446?format=api", "vulnerability_id": "VCID-52n3-8f9y-uqe2", "summary": "WebKit developer Alexey Proskuryakov reported that \nthe Mozilla HTML parser treated the backspace character as whitespace\ncontrary to the HTML specification and different from other browsers.\nThis difference might lead to Cross-site Scripting (XSS) risks on sites\nwhich filtered input in accordance with the specification.Yosuke Hasegawa reported a flaw in the way Mozilla\nparses the control character 0x80 under Shift_JIS encoding. This flaw could\npotentially be used to evade web-site input filters and result in a XSS\nattack hazard. While investigating, Mozilla developer Simon\nMontagu discovered several variants of this flaw involving zero-length\nnon-ASCII sequences in ISO-2022-JP, ISO-2022-CN, ISO-2022-KR, and HZ-GB-2312.\nThese flaws were fixed in and prior to Firefox 2.0.0.12\nbut the announcement was held until other browser vendors could fix related\nflaws.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09262", "scoring_system": "epss", "scoring_elements": "0.92884", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09262", "scoring_system": "epss", "scoring_elements": "0.92896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0416" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431740", "reference_id": "431740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416", "reference_id": "CVE-2008-0416", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-13", "reference_id": "mfsa2008-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0416" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52n3-8f9y-uqe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2426?format=api", "vulnerability_id": "VCID-6bc6-xdg7-sqew", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox 2.0.0.12 and other Mozilla-based\nproducts. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we\npresume that with enough effort at least some of these could be exploited\nto run arbitrary code.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in mail.\nWithout further investigation we cannot rule out the possibility that for some\nof these an attacker might be able to prepare memory for exploitation through\nsome means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0413.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0413.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0805", "scoring_system": "epss", "scoring_elements": "0.92271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0805", "scoring_system": "epss", "scoring_elements": "0.92284", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431733", "reference_id": "431733", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413", "reference_id": "CVE-2008-0413", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-01", "reference_id": "mfsa2008-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0413" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bc6-xdg7-sqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2496?format=api", "vulnerability_id": "VCID-6c2j-g8zz-33dt", "summary": "Fixes for security problems in the JavaScript engine described in \n\nMFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some\nusers experienced crashes during JavaScript garbage collection. This is being\nfixed primarily to address stability concerns. We have no demonstration that\nthis particular crash is exploitable but are issuing this advisory because\nsome crashes of this type have been shown to be exploitable in the past.This regression was introduced in Firefox 2.0.0.13 and does\nnot affect any shipping version of Thunderbird. Thunderbird 2.0.0.14 contains\nthe correct fix for MFSA 2008-15, although as noted in that advisory\nThunderbird users would be vulnerable only if they had enabled JavaScript.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17011", "scoring_system": "epss", "scoring_elements": "0.95104", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17011", "scoring_system": "epss", "scoring_elements": "0.95112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=440518", "reference_id": "440518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380", "reference_id": "CVE-2008-1380", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://security.gentoo.org/glsa/200808-03", "reference_id": "GLSA-200808-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200808-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-20", "reference_id": "mfsa2008-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0222", "reference_id": "RHSA-2008:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0223", "reference_id": "RHSA-2008:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0224", "reference_id": "RHSA-2008:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0224" }, { "reference_url": "https://usn.ubuntu.com/602-1/", "reference_id": "USN-602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/192158?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.16" } ], "aliases": [ "CVE-2008-1380" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6c2j-g8zz-33dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2418?format=api", "vulnerability_id": "VCID-au5q-x3zh-ruh5", "summary": "Mozilla contributors moz_bug_r_a4, Boris\nZbarsky, and Johnny Stenback reported a series of\nvulnerabilities which allow scripts from page content to run with elevated\nprivileges. moz_bug_r_a4 demonstrated additional variants of MFSA 2007-25\nand MFSA2007-35 (arbitrary code execution through XPCNativeWrapper pollution).\nAdditional vulnerabilities reported separately by Boris Zbarsky, Johnny\nStenback, and moz_bug_r_a4 showed that the browser could be forced to run\nJavaScript code using the wrong principal leading to universal XSS and\narbitrary code execution.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1234.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09458", "scoring_system": "epss", "scoring_elements": "0.92968", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09458", "scoring_system": "epss", "scoring_elements": "0.92979", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1234" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438715", "reference_id": "438715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234", "reference_id": "CVE-2008-1234", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14", "reference_id": "mfsa2008-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" }, { "reference_url": "https://usn.ubuntu.com/605-1/", "reference_id": "USN-605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1234" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-au5q-x3zh-ruh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2417?format=api", "vulnerability_id": "VCID-axac-sm5g-5bec", "summary": "Mozilla contributors moz_bug_r_a4, Boris\nZbarsky, and Johnny Stenback reported a series of\nvulnerabilities which allow scripts from page content to run with elevated\nprivileges. moz_bug_r_a4 demonstrated additional variants of MFSA 2007-25\nand MFSA2007-35 (arbitrary code execution through XPCNativeWrapper pollution).\nAdditional vulnerabilities reported separately by Boris Zbarsky, Johnny\nStenback, and moz_bug_r_a4 showed that the browser could be forced to run\nJavaScript code using the wrong principal leading to universal XSS and\narbitrary code execution.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1233.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24819", "scoring_system": "epss", "scoring_elements": "0.96256", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24819", "scoring_system": "epss", "scoring_elements": "0.96261", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438713", "reference_id": "438713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233", "reference_id": "CVE-2008-1233", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14", "reference_id": "mfsa2008-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" }, { "reference_url": "https://usn.ubuntu.com/605-1/", "reference_id": "USN-605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1233" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axac-sm5g-5bec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2445?format=api", "vulnerability_id": "VCID-d4q7-af81-tfh3", "summary": "Security researcher Gregory Fleischer demonstrated a\nproblem with the HTTP Referer: (sic) header sent with requests\nto URLs containing Basic Authentication credentials with empty usernames.\nIn these cases a number of leading characters, based on the length of the\npassword in the URL, are removed from the referrer hostname. Fleischer\npointed out that websites which only check the Referer: header\nto protect against Cross-Site Request Forgery (CSRF) could be attacked using\nthis flaw. This concept was based on and expanded from a post to the\nsla.ckers.org forum by security researcher RSnake.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1238.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07189", "scoring_system": "epss", "scoring_elements": "0.91736", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07189", "scoring_system": "epss", "scoring_elements": "0.91748", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1238" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438724", "reference_id": "438724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238", "reference_id": "CVE-2008-1238", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-16", "reference_id": "mfsa2008-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1238" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4q7-af81-tfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2453?format=api", "vulnerability_id": "VCID-ep5e-rwsn-8qhp", "summary": "Peter Brodersen and Alexander Klink\nindependently reported that the default setting for SSL Client Authentication,\nautomatically selecting a client certificate on behalf of the user, creates\na potential privacy issue for users by allowing tracking through client\ncertificates. For users who already have certificates some real-world\nidentity information such as an email address or name may be available\nto web sites depending on the purpose of the certificate and its issuer.The default preference has been changed to prompt the user each time\na website requests a client certificate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01587", "scoring_system": "epss", "scoring_elements": "0.81957", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01587", "scoring_system": "epss", "scoring_elements": "0.81991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879", "reference_id": "CVE-2007-4879", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-17", "reference_id": "mfsa2008-17", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-17" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2007-4879" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ep5e-rwsn-8qhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2416?format=api", "vulnerability_id": "VCID-frxr-esg5-ryd7", "summary": "Security researchers hong and Gregory\nFleischer each reported a variant on earlier reported bugs\nregarding focus shifting in file input controls. Their variants\nused file input controls nested inside <label> tags\nto take advantage of automatic focus shifting into the file input field\nnoted on the Hacker WebZine. As with the earlier reported issues\nthis issue could be used to force a user to upload arbitrary files\nassuming the attacker knows the full path and name of the file.These bugs are variations on earlier problems reported by\nCharles McAuley and Michal Zalewski\nwhich were fixed in Firefox 2.0.0.4, as well as an issue reported by\nhong which was fixed in Firefox 2.0.0.8.Gregory Fleischer also submitted several other variations of\nthe same problem.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.8361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83634", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0414" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=432040", "reference_id": "432040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414", "reference_id": "CVE-2008-0414", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-02", "reference_id": "mfsa2008-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0414" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frxr-esg5-ryd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2478?format=api", "vulnerability_id": "VCID-ftx3-d7j8-skep", "summary": "Security researcher Martin Straka reported\nthat Gecko-based browsers update the .href property of stylesheet\nDOM nodes to reflect the final URI of the stylesheet after following\nany 302 redirects (much as the document.location property is updated).\nThis differs from other browsers and could potentially reveal sensitive\nURL parameters, such as those used by Single-signon systems, to scripts\non the page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0593.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0593.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.78295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.7832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0593" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431756", "reference_id": "431756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593", "reference_id": "CVE-2008-0593", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-10", "reference_id": "mfsa2008-10", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0593" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftx3-d7j8-skep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2497?format=api", "vulnerability_id": "VCID-jbys-r4mj-cydy", "summary": "Gerry Eisenhaur reported the chrome: URI scheme\nimproperly allowed directory traversal that could be used to load\nJavaScript, images, and stylesheets from local files in known locations.\nThis traversal was possible only when the browser had installed add-ons\nwhich used \"flat\" packaging rather than the more popular .jar packaging,\nand the attacker would need to target that specific add-on.Mozilla researcher moz_bug_r_a4 reported that this\nvulnerability could be used to steal the contents of the browser's\nsessionstore.js file, which contains session cookie data\nand information about currently open web pages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0418.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38662", "scoring_system": "epss", "scoring_elements": "0.97333", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.38662", "scoring_system": "epss", "scoring_elements": "0.97338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0418" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431748", "reference_id": "431748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418", "reference_id": "CVE-2008-0418", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31051.txt", "reference_id": "CVE-2008-0418;OSVDB-41187", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31051.txt" }, { "reference_url": "https://www.securityfocus.com/bid/27406/info", "reference_id": "CVE-2008-0418;OSVDB-41187", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/27406/info" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-05", "reference_id": "mfsa2008-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0418" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbys-r4mj-cydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2419?format=api", "vulnerability_id": "VCID-jedz-rd4u-6fe3", "summary": "Mozilla contributors moz_bug_r_a4, Boris\nZbarsky, and Johnny Stenback reported a series of\nvulnerabilities which allow scripts from page content to run with elevated\nprivileges. moz_bug_r_a4 demonstrated additional variants of MFSA 2007-25\nand MFSA2007-35 (arbitrary code execution through XPCNativeWrapper pollution).\nAdditional vulnerabilities reported separately by Boris Zbarsky, Johnny\nStenback, and moz_bug_r_a4 showed that the browser could be forced to run\nJavaScript code using the wrong principal leading to universal XSS and\narbitrary code execution.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1235.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23963", "scoring_system": "epss", "scoring_elements": "0.96133", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23963", "scoring_system": "epss", "scoring_elements": "0.96139", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1235" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438717", "reference_id": "438717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235", "reference_id": "CVE-2008-1235", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14", "reference_id": "mfsa2008-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" }, { "reference_url": "https://usn.ubuntu.com/605-1/", "reference_id": "USN-605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1235" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jedz-rd4u-6fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2476?format=api", "vulnerability_id": "VCID-m4ge-x2x9-vyhd", "summary": "Mozilla contributor oo.rio.oo demonstrated that\nonce a file with Content-Disposition: attachment and\n(improper) Content-Type: plain/text is saved locally,\nthe browser would no longer open local files with .txt extensions\nfor viewing, but would rather prompt the user to save the file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0592.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0592.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03401", "scoring_system": "epss", "scoring_elements": "0.87635", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03401", "scoring_system": "epss", "scoring_elements": "0.87656", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431752", "reference_id": "431752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592", "reference_id": "CVE-2008-0592", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-09", "reference_id": "mfsa2008-09", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0592" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4ge-x2x9-vyhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2455?format=api", "vulnerability_id": "VCID-nd9m-nqub-27a3", "summary": "Mozilla contributors moz_bug_r_a4 and\nBoris Zbarsky submitted a series of vulnerabilities\nwhich allow scripts from page content to escape from its sandboxed\ncontext and/or run with chrome privileges. An additional vulnerability\nreported by moz_bug_r_a4 demonstrated that the XMLDocument.load()\nfunction can be used to inject script into another site, violating the\nbrowser's same-origin policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02001", "scoring_system": "epss", "scoring_elements": "0.83983", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02001", "scoring_system": "epss", "scoring_elements": "0.84006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0415" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431739", "reference_id": "431739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415", "reference_id": "CVE-2008-0415", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-03", "reference_id": "mfsa2008-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0415" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd9m-nqub-27a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2452?format=api", "vulnerability_id": "VCID-vnez-z562-73gr", "summary": "Security researcher Gynvael Coldwind of Vexillium\n(crediting help from udevd and porneL)\ndemonstrated that BMP images\ncould be used to reveal small chunks of uninitialized memory\nthat might contain sensitive data from other pages or other\nprograms, and that this data could be extracted from the\nimage using methods associated with the <canvas>\nfeature.\nBecause this flaw also affected products from other vendors disclosure\nwas delayed until they could release a fix.Update: Thunderbird was incorrectly listed as affected by this\nvulnerability. The maliciously formed BMP images would contain\nnoise influenced by uninitialized memory as in Firefox, but Thunderbird\nlacks the <canvas> feature necessary for an attacker\nto extract the data from the image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0420.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0420.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86444", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86468", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0420" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431750", "reference_id": "431750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420", "reference_id": "CVE-2008-0420", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-07", "reference_id": "mfsa2008-07", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0420" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnez-z562-73gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2463?format=api", "vulnerability_id": "VCID-vnfv-1da2-ekan", "summary": "Security researcher Michal Zalewski demonstrated\nthat timer-enabled security dialogs can be subverted by attackers using\nJavaScript to change the window focus. Zalewski showed that a user\ncould be tricked into confirming a security dialog of this type by\nbringing the dialog back into focus right before a user clicked in\na predictable time and place.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0591.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0591.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07342", "scoring_system": "epss", "scoring_elements": "0.9184", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07342", "scoring_system": "epss", "scoring_elements": "0.91852", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0591" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431751", "reference_id": "431751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591", "reference_id": "CVE-2008-0591", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-08", "reference_id": "mfsa2008-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0591" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnfv-1da2-ekan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2430?format=api", "vulnerability_id": "VCID-vtag-6v5p-yfb8", "summary": "Mozilla contributor Chris Thomas demonstrated that it was\npossible to have a background tab create a borderless XUL pop-up in front of\nthe active tab in the user's browser. This technique could be used by an\nattacker to spoof form elements such as a login prompt for a site opened\nin a different tab and steal the user's login credentials for that site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04431", "scoring_system": "epss", "scoring_elements": "0.89225", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04431", "scoring_system": "epss", "scoring_elements": "0.89243", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=438730", "reference_id": "438730", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241", "reference_id": "CVE-2008-1241", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-19", "reference_id": "mfsa2008-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0207", "reference_id": "RHSA-2008:0207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0208", "reference_id": "RHSA-2008:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0209", "reference_id": "RHSA-2008:0209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0209" }, { "reference_url": "https://usn.ubuntu.com/592-1/", "reference_id": "USN-592-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/592-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-1241" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtag-6v5p-yfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2425?format=api", "vulnerability_id": "VCID-vxzf-uhr6-rycb", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox 2.0.0.12 and other Mozilla-based\nproducts. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we\npresume that with enough effort at least some of these could be exploited\nto run arbitrary code.Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in mail.\nWithout further investigation we cannot rule out the possibility that for some\nof these an attacker might be able to prepare memory for exploitation through\nsome means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0412.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0412.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11553", "scoring_system": "epss", "scoring_elements": "0.9377", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11553", "scoring_system": "epss", "scoring_elements": "0.9378", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0412" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431732", "reference_id": "431732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412", "reference_id": "CVE-2008-0412", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-01", "reference_id": "mfsa2008-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0105", "reference_id": "RHSA-2008:0105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" }, { "reference_url": "https://usn.ubuntu.com/582-1/", "reference_id": "USN-582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0412" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxzf-uhr6-rycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2474?format=api", "vulnerability_id": "VCID-xayb-bkzz-zkfg", "summary": "Mozilla developer Justin Dolske discovered that\nmalicious sites, upon a user saving his or her password, could inject\nnewlines into Firefox's password store and corrupt saved passwords\nfor other sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02112", "scoring_system": "epss", "scoring_elements": "0.84424", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02112", "scoring_system": "epss", "scoring_elements": "0.84447", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431742", "reference_id": "431742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417", "reference_id": "CVE-2008-0417", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417" }, { "reference_url": "https://security.gentoo.org/glsa/200805-18", "reference_id": "GLSA-200805-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-04", "reference_id": "mfsa2008-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0103", "reference_id": "RHSA-2008:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0104", "reference_id": "RHSA-2008:0104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0104" }, { "reference_url": "https://usn.ubuntu.com/576-1/", "reference_id": "USN-576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193020?format=api", "purl": "pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" } ], "aliases": [ "CVE-2008-0417" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xayb-bkzz-zkfg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14" }