Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/firefox@63.0.3-1

Type alpm

Namespace archlinux

Name firefox

Version 63.0.3-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 64.0-1

Latest_non_vulnerable_version 101.0-1

Affected_by_vulnerabilities

url VCID-9h4y-xcex-1fch

vulnerability_id VCID-9h4y-xcex-1fch

summary WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18495.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18495.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18495

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55696
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55849
published_at	2026-04-21T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55873
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55853
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55834
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55871
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55875
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55808
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5583
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5581
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55861
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55864
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18495

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1427585

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696138
reference_id	1696138
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696138

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18495

reference_id

CVE-2018-18495

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18495

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-18495

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9h4y-xcex-1fch

url VCID-cszr-1fu2-6be5

vulnerability_id VCID-cszr-1fu2-6be5

summary Mozilla developers and community members Alex Gaynor, André Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12406.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12406.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12406

reference_id

reference_type

scores

value	0.00372
scoring_system	epss
scoring_elements	0.58857
published_at	2026-04-01T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58977
published_at	2026-04-21T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58972
published_at	2026-04-08T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58979
published_at	2026-04-12T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58998
published_at	2026-04-18T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.5896
published_at	2026-04-13T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58994
published_at	2026-04-16T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58932
published_at	2026-04-02T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58954
published_at	2026-04-04T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.5892
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12406

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1692732
reference_id	1692732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1692732

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12406

reference_id

CVE-2018-12406

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12406

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-12406

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cszr-1fu2-6be5

url VCID-ka9x-22be-p7aw

vulnerability_id VCID-ka9x-22be-p7aw

summary

Multiple vulnerabilities have been found in Chromium and Google
    Chrome, the worst of which allows remote attackers to execute arbitrary
    code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17466.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17466.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17466

reference_id

reference_type

scores

value	0.01106
scoring_system	epss
scoring_elements	0.78124
published_at	2026-04-21T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78091
published_at	2026-04-09T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78117
published_at	2026-04-11T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.781
published_at	2026-04-12T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78096
published_at	2026-04-13T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78132
published_at	2026-04-16T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78131
published_at	2026-04-18T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78041
published_at	2026-04-01T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78049
published_at	2026-04-02T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78078
published_at	2026-04-04T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78061
published_at	2026-04-07T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78087
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1640102
reference_id	1640102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1640102

reference_url	https://security.archlinux.org/ASA-201810-12
reference_id	ASA-201810-12
reference_type
scores
url	https://security.archlinux.org/ASA-201810-12

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-781

reference_id

AVG-781

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-781

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://security.gentoo.org/glsa/201811-10
reference_id	GLSA-201811-10
reference_type
scores
url	https://security.gentoo.org/glsa/201811-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_id

mfsa2018-30

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_id

mfsa2018-31

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_url	https://access.redhat.com/errata/RHSA-2018:3004
reference_id	RHSA-2018:3004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3004

reference_url	https://access.redhat.com/errata/RHSA-2018:3831
reference_id	RHSA-2018:3831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3831

reference_url	https://access.redhat.com/errata/RHSA-2018:3833
reference_id	RHSA-2018:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:0159
reference_id	RHSA-2019:0159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0159

reference_url	https://access.redhat.com/errata/RHSA-2019:0160
reference_id	RHSA-2019:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0160

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-17466

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka9x-22be-p7aw

url VCID-n1v6-q6wt-ebaj

vulnerability_id VCID-n1v6-q6wt-ebaj

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18494.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18494.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18494

reference_id

reference_type

scores

value	0.01073
scoring_system	epss
scoring_elements	0.77784
published_at	2026-04-21T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.7774
published_at	2026-04-08T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77745
published_at	2026-04-09T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77771
published_at	2026-04-11T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77755
published_at	2026-04-12T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77754
published_at	2026-04-13T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77791
published_at	2026-04-16T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.7779
published_at	2026-04-18T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77695
published_at	2026-04-01T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77702
published_at	2026-04-02T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77729
published_at	2026-04-04T12:55:00Z

value	0.01073
scoring_system	epss
scoring_elements	0.77712
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18494

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1487964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

reference_url	https://www.debian.org/security/2018/dsa-4354
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4354

reference_url	https://www.debian.org/security/2019/dsa-4362
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4362

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-30/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-30/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-31/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-31/

reference_url	http://www.securityfocus.com/bid/106168
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106168

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1658401
reference_id	1658401
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1658401

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18494

reference_id

CVE-2018-18494

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18494

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_id

mfsa2018-30

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_id

mfsa2018-31

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_url	https://access.redhat.com/errata/RHSA-2018:3831
reference_id	RHSA-2018:3831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3831

reference_url	https://access.redhat.com/errata/RHSA-2018:3833
reference_id	RHSA-2018:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:0159
reference_id	RHSA-2019:0159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0159

reference_url	https://access.redhat.com/errata/RHSA-2019:0160
reference_id	RHSA-2019:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0160

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-18494

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1v6-q6wt-ebaj

url VCID-qvqm-n242-vyea

vulnerability_id VCID-qvqm-n242-vyea

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12405.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12405.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12405

reference_id

reference_type

scores

value	0.1029
scoring_system	epss
scoring_elements	0.932
published_at	2026-04-21T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93161
published_at	2026-04-08T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93166
published_at	2026-04-09T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93171
published_at	2026-04-11T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93169
published_at	2026-04-12T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.9317
published_at	2026-04-13T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93187
published_at	2026-04-16T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93191
published_at	2026-04-18T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93141
published_at	2026-04-01T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.9315
published_at	2026-04-02T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93154
published_at	2026-04-04T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93153
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12405

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

reference_url	https://www.debian.org/security/2018/dsa-4354
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4354

reference_url	https://www.debian.org/security/2019/dsa-4362
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4362

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-30/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-30/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-31/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-31/

reference_url	http://www.securityfocus.com/bid/106168
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106168

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1658397
reference_id	1658397
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1658397

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12405

reference_id

CVE-2018-12405

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12405

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_id

mfsa2018-30

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_id

mfsa2018-31

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_url	https://access.redhat.com/errata/RHSA-2018:3831
reference_id	RHSA-2018:3831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3831

reference_url	https://access.redhat.com/errata/RHSA-2018:3833
reference_id	RHSA-2018:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:0159
reference_id	RHSA-2019:0159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0159

reference_url	https://access.redhat.com/errata/RHSA-2019:0160
reference_id	RHSA-2019:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0160

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-12405

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvqm-n242-vyea

url VCID-skbg-e4em-bkaw

vulnerability_id VCID-skbg-e4em-bkaw

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18492.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18492.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18492

reference_id

reference_type

scores

value	0.33845
scoring_system	epss
scoring_elements	0.9697
published_at	2026-04-21T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.9695
published_at	2026-04-08T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96952
published_at	2026-04-09T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96954
published_at	2026-04-11T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96956
published_at	2026-04-12T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96957
published_at	2026-04-13T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96964
published_at	2026-04-16T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96968
published_at	2026-04-18T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96926
published_at	2026-04-01T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96934
published_at	2026-04-02T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96939
published_at	2026-04-04T12:55:00Z

value	0.33845
scoring_system	epss
scoring_elements	0.96942
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18492

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1499861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

reference_url	https://www.debian.org/security/2018/dsa-4354
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4354

reference_url	https://www.debian.org/security/2019/dsa-4362
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4362

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-30/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-30/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-31/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-31/

reference_url	http://www.securityfocus.com/bid/106168
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106168

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1658399
reference_id	1658399
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1658399

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18492

reference_id

CVE-2018-18492

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18492

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_id

mfsa2018-30

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_id

mfsa2018-31

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_url	https://access.redhat.com/errata/RHSA-2018:3831
reference_id	RHSA-2018:3831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3831

reference_url	https://access.redhat.com/errata/RHSA-2018:3833
reference_id	RHSA-2018:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:0159
reference_id	RHSA-2019:0159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0159

reference_url	https://access.redhat.com/errata/RHSA-2019:0160
reference_id	RHSA-2019:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0160

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-18492

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skbg-e4em-bkaw

url VCID-vnmz-2agw-k3fg

vulnerability_id VCID-vnmz-2agw-k3fg

summary A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12407.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12407.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12407

reference_id

reference_type

scores

value	0.03139
scoring_system	epss
scoring_elements	0.86825
published_at	2026-04-01T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86902
published_at	2026-04-21T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86876
published_at	2026-04-09T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86889
published_at	2026-04-11T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86885
published_at	2026-04-12T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.8688
published_at	2026-04-13T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86897
published_at	2026-04-16T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86835
published_at	2026-04-02T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86854
published_at	2026-04-04T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86848
published_at	2026-04-07T12:55:00Z

value	0.03139
scoring_system	epss
scoring_elements	0.86868
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12407

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1505973
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1505973

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1692795
reference_id	1692795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1692795

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12407

reference_id

CVE-2018-12407

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12407

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-12407

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnmz-2agw-k3fg

url VCID-wzt1-wzps-kqbr

vulnerability_id VCID-wzt1-wzps-kqbr

summary Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18497.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18497.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18497

reference_id

reference_type

scores

value	0.00217
scoring_system	epss
scoring_elements	0.44266
published_at	2026-04-01T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44316
published_at	2026-04-21T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44372
published_at	2026-04-11T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.4434
published_at	2026-04-12T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44339
published_at	2026-04-13T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44395
published_at	2026-04-16T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44386
published_at	2026-04-18T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44338
published_at	2026-04-02T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.4436
published_at	2026-04-04T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44297
published_at	2026-04-07T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44349
published_at	2026-04-08T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44354
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18497

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1488180
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1488180

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696112
reference_id	1696112
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696112

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18497

reference_id

CVE-2018-18497

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18497

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-18497

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzt1-wzps-kqbr

url VCID-yq6p-sv1g-m3bj

vulnerability_id VCID-yq6p-sv1g-m3bj

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18493.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18493

reference_id

reference_type

scores

value	0.24302
scoring_system	epss
scoring_elements	0.96109
published_at	2026-04-21T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.9607
published_at	2026-04-04T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96075
published_at	2026-04-07T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96085
published_at	2026-04-08T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96088
published_at	2026-04-09T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96091
published_at	2026-04-12T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96094
published_at	2026-04-13T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96103
published_at	2026-04-16T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96057
published_at	2026-04-01T12:55:00Z

value	0.24302
scoring_system	epss
scoring_elements	0.96064
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18493

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1504452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

reference_url	https://www.debian.org/security/2018/dsa-4354
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4354

reference_url	https://www.debian.org/security/2019/dsa-4362
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4362

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-29/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-30/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-30/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-31/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-31/

reference_url	http://www.securityfocus.com/bid/106168
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106168

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1658400
reference_id	1658400
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1658400

reference_url	https://security.archlinux.org/ASA-201812-9
reference_id	ASA-201812-9
reference_type
scores
url	https://security.archlinux.org/ASA-201812-9

reference_url

https://security.archlinux.org/AVG-833

reference_id

AVG-833

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-833

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18493

reference_id

CVE-2018-18493

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18493

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_id

mfsa2018-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_id

mfsa2018-30

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-30

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_id

mfsa2018-31

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31

reference_url	https://access.redhat.com/errata/RHSA-2018:3831
reference_id	RHSA-2018:3831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3831

reference_url	https://access.redhat.com/errata/RHSA-2018:3833
reference_id	RHSA-2018:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:0159
reference_id	RHSA-2019:0159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0159

reference_url	https://access.redhat.com/errata/RHSA-2019:0160
reference_id	RHSA-2019:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0160

reference_url	https://usn.ubuntu.com/3844-1/
reference_id	USN-3844-1
reference_type
scores
url	https://usn.ubuntu.com/3844-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@64.0-1
purl	pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1

aliases CVE-2018-18493

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq6p-sv1g-m3bj

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0.3-1

Package Instance