Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/firefox@63.0-1

Type alpm

Namespace archlinux

Name firefox

Version 63.0-1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 64.0-1

Latest_non_vulnerable_version 101.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-53y3-s5pc-nbh1

vulnerability_id VCID-53y3-s5pc-nbh1

summary By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12398.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12398.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12398

reference_id

reference_type

scores

value	0.00252
scoring_system	epss
scoring_elements	0.48525
published_at	2026-04-13T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.4857
published_at	2026-04-18T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48575
published_at	2026-04-16T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48528
published_at	2026-04-21T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56894
published_at	2026-04-09T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56903
published_at	2026-04-11T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56882
published_at	2026-04-12T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56839
published_at	2026-04-07T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56748
published_at	2026-04-01T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56841
published_at	2026-04-02T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56862
published_at	2026-04-04T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.5689
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12398

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1460538
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1460538

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1488061
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1488061

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693621
reference_id	1693621
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693621

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12398

reference_id

CVE-2018-12398

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12398

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12398

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53y3-s5pc-nbh1

url VCID-7pu2-1t9x-5yf1

vulnerability_id VCID-7pu2-1t9x-5yf1

summary If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12403.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12403.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12403

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66021
published_at	2026-04-01T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66132
published_at	2026-04-21T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66138
published_at	2026-04-11T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66125
published_at	2026-04-12T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66096
published_at	2026-04-13T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66131
published_at	2026-04-16T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66144
published_at	2026-04-18T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66063
published_at	2026-04-02T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66091
published_at	2026-04-04T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66058
published_at	2026-04-07T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66106
published_at	2026-04-08T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66119
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12403

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1484753
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1484753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1692373
reference_id	1692373
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1692373

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12403

reference_id

CVE-2018-12403

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12403

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12403

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pu2-1t9x-5yf1

url VCID-8k1r-9djq-h3bh

vulnerability_id VCID-8k1r-9djq-h3bh

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12390.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12390.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12390

reference_id

reference_type

scores

value	0.04174
scoring_system	epss
scoring_elements	0.88708
published_at	2026-04-21T12:55:00Z

value	0.04174
scoring_system	epss
scoring_elements	0.88709
published_at	2026-04-18T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91545
published_at	2026-04-02T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91538
published_at	2026-04-01T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91552
published_at	2026-04-04T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.9156
published_at	2026-04-07T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91573
published_at	2026-04-08T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91579
published_at	2026-04-09T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91583
published_at	2026-04-13T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91585
published_at	2026-04-12T12:55:00Z

value	0.07182
scoring_system	epss
scoring_elements	0.91605
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12390

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

reference_url	https://www.debian.org/security/2018/dsa-4324
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4324

reference_url	https://www.debian.org/security/2018/dsa-4337
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4337

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-27/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-27/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-28/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-28/

reference_url	http://www.securityfocus.com/bid/105718
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105718

reference_url	http://www.securityfocus.com/bid/105769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105769

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1642180
reference_id	1642180
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1642180

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url	https://security.archlinux.org/ASA-201811-10
reference_id	ASA-201811-10
reference_type
scores
url	https://security.archlinux.org/ASA-201811-10

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url

https://security.archlinux.org/AVG-803

reference_id

AVG-803

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-803

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12390

reference_id

CVE-2018-12390

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12390

reference_url	https://security.gentoo.org/glsa/201811-04
reference_id	GLSA-201811-04
reference_type
scores
url	https://security.gentoo.org/glsa/201811-04

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_id

mfsa2018-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28

reference_id

mfsa2018-28

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28

reference_url	https://access.redhat.com/errata/RHSA-2018:3005
reference_id	RHSA-2018:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3005

reference_url	https://access.redhat.com/errata/RHSA-2018:3006
reference_id	RHSA-2018:3006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3006

reference_url	https://access.redhat.com/errata/RHSA-2018:3531
reference_id	RHSA-2018:3531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3531

reference_url	https://access.redhat.com/errata/RHSA-2018:3532
reference_id	RHSA-2018:3532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3532

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12390

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8k1r-9djq-h3bh

url VCID-ctgf-rds5-4fda

vulnerability_id VCID-ctgf-rds5-4fda

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12396.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12396.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12396

reference_id

reference_type

scores

value	0.01138
scoring_system	epss
scoring_elements	0.78421
published_at	2026-04-21T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78396
published_at	2026-04-09T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78422
published_at	2026-04-11T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78405
published_at	2026-04-12T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78397
published_at	2026-04-13T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78426
published_at	2026-04-16T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78425
published_at	2026-04-18T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78343
published_at	2026-04-01T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.7835
published_at	2026-04-02T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78381
published_at	2026-04-04T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78364
published_at	2026-04-07T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78391
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12396

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1483602
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1483602

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

reference_url	https://www.debian.org/security/2018/dsa-4324
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4324

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-27/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-27/

reference_url	http://www.securityfocus.com/bid/105718
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105718

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1642186
reference_id	1642186
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1642186

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12396

reference_id

CVE-2018-12396

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12396

reference_url	https://security.gentoo.org/glsa/201811-04
reference_id	GLSA-201811-04
reference_type
scores
url	https://security.gentoo.org/glsa/201811-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_id

mfsa2018-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_url	https://access.redhat.com/errata/RHSA-2018:3005
reference_id	RHSA-2018:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3005

reference_url	https://access.redhat.com/errata/RHSA-2018:3006
reference_id	RHSA-2018:3006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3006

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12396

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctgf-rds5-4fda

url VCID-eyf6-1map-zbdz

vulnerability_id VCID-eyf6-1map-zbdz

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12395.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12395.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12395

reference_id

reference_type

scores

value	0.02916
scoring_system	epss
scoring_elements	0.86397
published_at	2026-04-21T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86376
published_at	2026-04-09T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.8639
published_at	2026-04-11T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86388
published_at	2026-04-12T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86382
published_at	2026-04-13T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86399
published_at	2026-04-16T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86404
published_at	2026-04-18T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86318
published_at	2026-04-01T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86329
published_at	2026-04-02T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86347
published_at	2026-04-04T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86348
published_at	2026-04-07T12:55:00Z

value	0.02916
scoring_system	epss
scoring_elements	0.86366
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12395

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1467523
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1467523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

reference_url	https://www.debian.org/security/2018/dsa-4324
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4324

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-27/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-27/

reference_url	http://www.securityfocus.com/bid/105718
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105718

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1642185
reference_id	1642185
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1642185

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12395

reference_id

CVE-2018-12395

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12395

reference_url	https://security.gentoo.org/glsa/201811-04
reference_id	GLSA-201811-04
reference_type
scores
url	https://security.gentoo.org/glsa/201811-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_id

mfsa2018-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_url	https://access.redhat.com/errata/RHSA-2018:3005
reference_id	RHSA-2018:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3005

reference_url	https://access.redhat.com/errata/RHSA-2018:3006
reference_id	RHSA-2018:3006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3006

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12395

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eyf6-1map-zbdz

url VCID-h8q1-8w25-2yfz

vulnerability_id VCID-h8q1-8w25-2yfz

summary When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12399.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12399.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12399

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.61024
published_at	2026-04-01T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61175
published_at	2026-04-21T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61166
published_at	2026-04-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61147
published_at	2026-04-13T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61188
published_at	2026-04-16T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61193
published_at	2026-04-18T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61102
published_at	2026-04-02T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.6113
published_at	2026-04-04T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61096
published_at	2026-04-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61144
published_at	2026-04-08T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61159
published_at	2026-04-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61179
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12399

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1490276
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1490276

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693614
reference_id	1693614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693614

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12399

reference_id

CVE-2018-12399

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12399

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12399

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8q1-8w25-2yfz

url VCID-m5f4-3a7z-y7aj

vulnerability_id VCID-m5f4-3a7z-y7aj

summary Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12401.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12401.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12401

reference_id

reference_type

scores

value	0.00878
scoring_system	epss
scoring_elements	0.7527
published_at	2026-04-01T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75362
published_at	2026-04-21T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75337
published_at	2026-04-12T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75326
published_at	2026-04-13T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75366
published_at	2026-04-16T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75372
published_at	2026-04-18T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75273
published_at	2026-04-02T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75306
published_at	2026-04-04T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75284
published_at	2026-04-07T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75327
published_at	2026-04-08T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75338
published_at	2026-04-09T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75359
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12401

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1422456
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1422456

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693626
reference_id	1693626
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693626

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12401

reference_id

CVE-2018-12401

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12401

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12401

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5f4-3a7z-y7aj

url VCID-pqak-1a9a-b3g1

vulnerability_id VCID-pqak-1a9a-b3g1

summary The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12402.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12402.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12402

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.57937
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58058
published_at	2026-04-21T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58094
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58071
published_at	2026-04-12T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58051
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58081
published_at	2026-04-16T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58082
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58022
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58044
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5802
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58074
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58078
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12402

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1447087
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1447087

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1469916
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1469916

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696127
reference_id	1696127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696127

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12402

reference_id

CVE-2018-12402

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12402

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12402

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqak-1a9a-b3g1

url VCID-qq7q-7j4q-h7dz

vulnerability_id VCID-qq7q-7j4q-h7dz

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12397.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12397.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12397

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.20873
published_at	2026-04-21T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20919
published_at	2026-04-08T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.2098
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20998
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20954
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20901
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20892
published_at	2026-04-18T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20921
published_at	2026-04-01T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21072
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21125
published_at	2026-04-04T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20839
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12397

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1487478
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1487478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

reference_url	https://www.debian.org/security/2018/dsa-4324
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4324

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-27/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-27/

reference_url	http://www.securityfocus.com/bid/105718
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105718

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1642187
reference_id	1642187
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1642187

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12397

reference_id

CVE-2018-12397

reference_type

scores

value	3.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:N

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12397

reference_url	https://security.gentoo.org/glsa/201811-04
reference_id	GLSA-201811-04
reference_type
scores
url	https://security.gentoo.org/glsa/201811-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_id

mfsa2018-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_url	https://access.redhat.com/errata/RHSA-2018:3005
reference_id	RHSA-2018:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3005

reference_url	https://access.redhat.com/errata/RHSA-2018:3006
reference_id	RHSA-2018:3006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3006

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12397

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qq7q-7j4q-h7dz

url VCID-r7vv-451v-nbag

vulnerability_id VCID-r7vv-451v-nbag

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12392.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12392.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12392

reference_id

reference_type

scores

value	0.07848
scoring_system	epss
scoring_elements	0.9201
published_at	2026-04-21T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91977
published_at	2026-04-04T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91983
published_at	2026-04-07T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91995
published_at	2026-04-08T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91999
published_at	2026-04-09T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.92002
published_at	2026-04-12T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91998
published_at	2026-04-13T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.92016
published_at	2026-04-16T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.92013
published_at	2026-04-18T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91961
published_at	2026-04-01T12:55:00Z

value	0.07848
scoring_system	epss
scoring_elements	0.91969
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12392

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1492823

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

reference_url	https://www.debian.org/security/2018/dsa-4324
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4324

reference_url	https://www.debian.org/security/2018/dsa-4337
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4337

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-27/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-27/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-28/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-28/

reference_url	http://www.securityfocus.com/bid/105718
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105718

reference_url	http://www.securityfocus.com/bid/105769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105769

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1642182
reference_id	1642182
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1642182

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url	https://security.archlinux.org/ASA-201811-10
reference_id	ASA-201811-10
reference_type
scores
url	https://security.archlinux.org/ASA-201811-10

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url

https://security.archlinux.org/AVG-803

reference_id

AVG-803

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-803

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12392

reference_id

CVE-2018-12392

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12392

reference_url	https://security.gentoo.org/glsa/201811-04
reference_id	GLSA-201811-04
reference_type
scores
url	https://security.gentoo.org/glsa/201811-04

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_id

mfsa2018-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28

reference_id

mfsa2018-28

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28

reference_url	https://access.redhat.com/errata/RHSA-2018:3005
reference_id	RHSA-2018:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3005

reference_url	https://access.redhat.com/errata/RHSA-2018:3006
reference_id	RHSA-2018:3006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3006

reference_url	https://access.redhat.com/errata/RHSA-2018:3531
reference_id	RHSA-2018:3531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3531

reference_url	https://access.redhat.com/errata/RHSA-2018:3532
reference_id	RHSA-2018:3532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3532

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

reference_url	https://usn.ubuntu.com/3868-1/
reference_id	USN-3868-1
reference_type
scores
url	https://usn.ubuntu.com/3868-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12392

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vv-451v-nbag

url VCID-t9c6-d2kv-2uhg

vulnerability_id VCID-t9c6-d2kv-2uhg

summary Mozilla developers and community members Christian Holler, Dana Keeler, Ronald Crane, Marcia Knous, Tyson Smith, Daniel Veditz, and Steve Fink reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12388.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12388.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12388

reference_id

reference_type

scores

value	0.00514
scoring_system	epss
scoring_elements	0.6648
published_at	2026-04-01T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66589
published_at	2026-04-21T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66584
published_at	2026-04-12T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66553
published_at	2026-04-13T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66588
published_at	2026-04-16T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66605
published_at	2026-04-18T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66518
published_at	2026-04-02T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66543
published_at	2026-04-04T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66515
published_at	2026-04-07T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66564
published_at	2026-04-08T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66578
published_at	2026-04-09T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66596
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12388

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1472639%2C1485698%2C1301547%2C1471427%2C1379411%2C1482122%2C1486314%2C1487167
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1472639%2C1485698%2C1301547%2C1471427%2C1379411%2C1482122%2C1486314%2C1487167

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-26/

reference_url	http://www.securityfocus.com/bid/105721
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105721

reference_url	http://www.securitytracker.com/id/1041944
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1692663
reference_id	1692663
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1692663

reference_url	https://security.archlinux.org/ASA-201810-14
reference_id	ASA-201810-14
reference_type
scores
url	https://security.archlinux.org/ASA-201810-14

reference_url

https://security.archlinux.org/AVG-787

reference_id

AVG-787

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-787

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12388

reference_id

CVE-2018-12388

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12388

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_id

mfsa2018-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26

reference_url	https://usn.ubuntu.com/3801-1/
reference_id	USN-3801-1
reference_type
scores
url	https://usn.ubuntu.com/3801-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@63.0-1
purl	pkg:alpm/archlinux/firefox@63.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

aliases CVE-2018-12388

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c6-d2kv-2uhg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0-1

Package Instance