Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@59.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 59.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 59.0.1-1

Latest_non_vulnerable_version 150.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1gbp-dg93-wud9

vulnerability_id VCID-1gbp-dg93-wud9

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5129.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5129

reference_id

reference_type

scores

value	0.02331
scoring_system	epss
scoring_elements	0.8489
published_at	2026-04-29T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84823
published_at	2026-04-09T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84841
published_at	2026-04-11T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84838
published_at	2026-04-12T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84833
published_at	2026-04-13T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84855
published_at	2026-04-18T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84853
published_at	2026-04-21T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.8488
published_at	2026-04-24T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84758
published_at	2026-04-01T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84773
published_at	2026-04-02T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84792
published_at	2026-04-04T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84794
published_at	2026-04-07T12:55:00Z

value	0.02331
scoring_system	epss
scoring_elements	0.84817
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5129

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1428947
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4139
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4139

reference_url	https://www.debian.org/security/2018/dsa-4155
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4155

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-07/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-07/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-09/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-09/

reference_url	http://www.securityfocus.com/bid/103388
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103388

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1555129
reference_id	1555129
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1555129

reference_url	https://security.archlinux.org/ASA-201803-22
reference_id	ASA-201803-22
reference_type
scores
url	https://security.archlinux.org/ASA-201803-22

reference_url

https://security.archlinux.org/AVG-663

reference_id

AVG-663

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-663

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5129

reference_id

CVE-2018-5129

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5129

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_id

mfsa2018-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_id

mfsa2018-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_url	https://access.redhat.com/errata/RHSA-2018:0526
reference_id	RHSA-2018:0526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0526

reference_url	https://access.redhat.com/errata/RHSA-2018:0527
reference_id	RHSA-2018:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0527

reference_url	https://access.redhat.com/errata/RHSA-2018:0647
reference_id	RHSA-2018:0647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0647

reference_url	https://access.redhat.com/errata/RHSA-2018:0648
reference_id	RHSA-2018:0648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0648

reference_url	https://usn.ubuntu.com/3545-1/
reference_id	USN-3545-1
reference_type
scores
url	https://usn.ubuntu.com/3545-1/

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5129

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gbp-dg93-wud9

url VCID-asw1-t3mj-2kem

vulnerability_id VCID-asw1-t3mj-2kem

summary URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the javascript: URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5143

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.64537
published_at	2026-04-29T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64382
published_at	2026-04-01T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64504
published_at	2026-04-21T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64525
published_at	2026-04-24T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64538
published_at	2026-04-26T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64436
published_at	2026-04-02T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64467
published_at	2026-04-04T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64427
published_at	2026-04-07T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64475
published_at	2026-04-08T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64491
published_at	2026-04-09T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64506
published_at	2026-04-11T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64495
published_at	2026-04-12T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64466
published_at	2026-04-13T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64501
published_at	2026-04-16T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64513
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5143

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1422643
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1422643

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5143

reference_id

CVE-2018-5143

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5143

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5143

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asw1-t3mj-2kem

url VCID-bfg9-wdyu-9qbh

vulnerability_id VCID-bfg9-wdyu-9qbh

summary WebExtensions can bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5135

reference_id

reference_type

scores

value	0.00964
scoring_system	epss
scoring_elements	0.76625
published_at	2026-04-29T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76484
published_at	2026-04-01T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76576
published_at	2026-04-21T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76607
published_at	2026-04-24T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76612
published_at	2026-04-26T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76488
published_at	2026-04-02T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76517
published_at	2026-04-04T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76499
published_at	2026-04-07T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76532
published_at	2026-04-08T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76543
published_at	2026-04-13T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76569
published_at	2026-04-11T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76548
published_at	2026-04-12T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76584
published_at	2026-04-16T12:55:00Z

value	0.00964
scoring_system	epss
scoring_elements	0.76588
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5135

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1431371
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1431371

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5135

reference_id

CVE-2018-5135

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5135

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5135

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfg9-wdyu-9qbh

url VCID-c5q7-x23j-bkha

vulnerability_id VCID-c5q7-x23j-bkha

summary A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. *Note: this vulnerability does not affect WebExtensions.*

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5137

reference_id

reference_type

scores

value	0.01362
scoring_system	epss
scoring_elements	0.80253
published_at	2026-04-29T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80122
published_at	2026-04-01T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80199
published_at	2026-04-21T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80228
published_at	2026-04-24T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80237
published_at	2026-04-26T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80129
published_at	2026-04-02T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80149
published_at	2026-04-04T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80137
published_at	2026-04-07T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80166
published_at	2026-04-08T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80173
published_at	2026-04-09T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80192
published_at	2026-04-11T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80177
published_at	2026-04-12T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80168
published_at	2026-04-13T12:55:00Z

value	0.01362
scoring_system	epss
scoring_elements	0.80197
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5137

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1432870
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1432870

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5137

reference_id

CVE-2018-5137

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5137

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5137

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5q7-x23j-bkha

url VCID-eyaw-nzuh-8ue2

vulnerability_id VCID-eyaw-nzuh-8ue2

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5130.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5130

reference_id

reference_type

scores

value	0.01156
scoring_system	epss
scoring_elements	0.78619
published_at	2026-04-29T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78538
published_at	2026-04-13T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78566
published_at	2026-04-16T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78562
published_at	2026-04-21T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78594
published_at	2026-04-24T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78602
published_at	2026-04-26T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78488
published_at	2026-04-01T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78494
published_at	2026-04-02T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78524
published_at	2026-04-04T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78508
published_at	2026-04-07T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78534
published_at	2026-04-08T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78539
published_at	2026-04-09T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78565
published_at	2026-04-18T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78546
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5130

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1433005
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1433005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4139
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4139

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-07/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-07/

reference_url	http://www.securityfocus.com/bid/103388
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103388

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1555130
reference_id	1555130
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1555130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5130

reference_id

CVE-2018-5130

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5130

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_id

mfsa2018-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_url	https://access.redhat.com/errata/RHSA-2018:0526
reference_id	RHSA-2018:0526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0526

reference_url	https://access.redhat.com/errata/RHSA-2018:0527
reference_id	RHSA-2018:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0527

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5130

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eyaw-nzuh-8ue2

url VCID-fcvd-rpmu-1ygk

vulnerability_id VCID-fcvd-rpmu-1ygk

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5131.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5131

reference_id

reference_type

scores

value	0.01281
scoring_system	epss
scoring_elements	0.79671
published_at	2026-04-29T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79615
published_at	2026-04-16T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79614
published_at	2026-04-18T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79617
published_at	2026-04-21T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79649
published_at	2026-04-24T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79655
published_at	2026-04-26T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79536
published_at	2026-04-01T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79542
published_at	2026-04-02T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79565
published_at	2026-04-04T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79552
published_at	2026-04-07T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.7958
published_at	2026-04-08T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79588
published_at	2026-04-09T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79609
published_at	2026-04-11T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79593
published_at	2026-04-12T12:55:00Z

value	0.01281
scoring_system	epss
scoring_elements	0.79585
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5131

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1440775
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1440775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4139
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4139

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-07/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-07/

reference_url	http://www.securityfocus.com/bid/103388
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103388

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1555131
reference_id	1555131
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1555131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5131

reference_id

CVE-2018-5131

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5131

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_id

mfsa2018-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_url	https://access.redhat.com/errata/RHSA-2018:0526
reference_id	RHSA-2018:0526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0526

reference_url	https://access.redhat.com/errata/RHSA-2018:0527
reference_id	RHSA-2018:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0527

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5131

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcvd-rpmu-1ygk

url VCID-gh4v-p1jk-zkd6

vulnerability_id VCID-gh4v-p1jk-zkd6

summary The Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5132

reference_id

reference_type

scores

value	0.00913
scoring_system	epss
scoring_elements	0.75956
published_at	2026-04-29T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75812
published_at	2026-04-01T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75898
published_at	2026-04-21T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75935
published_at	2026-04-24T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75945
published_at	2026-04-26T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75816
published_at	2026-04-02T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75849
published_at	2026-04-04T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75827
published_at	2026-04-07T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.7586
published_at	2026-04-08T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75872
published_at	2026-04-09T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75896
published_at	2026-04-11T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75877
published_at	2026-04-12T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.7587
published_at	2026-04-13T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75908
published_at	2026-04-16T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75911
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5132

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408194
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408194

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5132

reference_id

CVE-2018-5132

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5132

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5132

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gh4v-p1jk-zkd6

url VCID-jkyr-qzk1-v7fg

vulnerability_id VCID-jkyr-qzk1-v7fg

summary WebExtensions may use view-source: URLs to view local file: URL content, as well as content stored in about:cache, bypassing restrictions that only allow WebExtensions to view specific content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5134

reference_id

reference_type

scores

value	0.01171
scoring_system	epss
scoring_elements	0.78743
published_at	2026-04-29T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78617
published_at	2026-04-01T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78689
published_at	2026-04-21T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78718
published_at	2026-04-24T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78726
published_at	2026-04-26T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78624
published_at	2026-04-02T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78654
published_at	2026-04-04T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78635
published_at	2026-04-07T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78661
published_at	2026-04-08T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78668
published_at	2026-04-09T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78693
published_at	2026-04-18T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78674
published_at	2026-04-12T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78667
published_at	2026-04-13T12:55:00Z

value	0.01171
scoring_system	epss
scoring_elements	0.78695
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5134

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1429379
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1429379

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5134

reference_id

CVE-2018-5134

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5134

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5134

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkyr-qzk1-v7fg

url VCID-ksh8-rqg4-wber

vulnerability_id VCID-ksh8-rqg4-wber

summary Image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5140

reference_id

reference_type

scores

value	0.00454
scoring_system	epss
scoring_elements	0.63863
published_at	2026-04-29T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63723
published_at	2026-04-01T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63847
published_at	2026-04-18T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63852
published_at	2026-04-24T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63865
published_at	2026-04-26T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63785
published_at	2026-04-02T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63811
published_at	2026-04-04T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63768
published_at	2026-04-07T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63819
published_at	2026-04-08T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63837
published_at	2026-04-09T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.6385
published_at	2026-04-11T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63836
published_at	2026-04-21T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63803
published_at	2026-04-13T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63838
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5140

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1424261
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1424261

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5140

reference_id

CVE-2018-5140

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5140

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5140

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-rqg4-wber

url VCID-kzuh-q579-eqbz

vulnerability_id VCID-kzuh-q579-eqbz

summary A shared worker created from a data: URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5136

reference_id

reference_type

scores

value	0.00858
scoring_system	epss
scoring_elements	0.75071
published_at	2026-04-29T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74948
published_at	2026-04-01T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75025
published_at	2026-04-21T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75063
published_at	2026-04-24T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75068
published_at	2026-04-26T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74951
published_at	2026-04-02T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.7498
published_at	2026-04-04T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74955
published_at	2026-04-07T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74989
published_at	2026-04-08T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75001
published_at	2026-04-09T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75023
published_at	2026-04-11T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75002
published_at	2026-04-12T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74992
published_at	2026-04-13T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75028
published_at	2026-04-16T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75035
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5136

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1419166
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1419166

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5136

reference_id

CVE-2018-5136

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5136

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5136

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzuh-q579-eqbz

url VCID-mduv-93pf-d3h4

vulnerability_id VCID-mduv-93pf-d3h4

summary A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5141

reference_id

reference_type

scores

value	0.01071
scoring_system	epss
scoring_elements	0.77826
published_at	2026-04-29T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77681
published_at	2026-04-01T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.7777
published_at	2026-04-21T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77803
published_at	2026-04-24T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77812
published_at	2026-04-26T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77688
published_at	2026-04-02T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77715
published_at	2026-04-04T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77698
published_at	2026-04-07T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77726
published_at	2026-04-08T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77731
published_at	2026-04-09T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77758
published_at	2026-04-11T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77742
published_at	2026-04-12T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77741
published_at	2026-04-13T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77778
published_at	2026-04-16T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.77776
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5141

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1429093
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1429093

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5141

reference_id

CVE-2018-5141

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5141

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5141

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mduv-93pf-d3h4

url VCID-r3uw-xrkd-myh4

vulnerability_id VCID-r3uw-xrkd-myh4

summary A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5128

reference_id

reference_type

scores

value	0.01513
scoring_system	epss
scoring_elements	0.81283
published_at	2026-04-29T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81148
published_at	2026-04-01T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81247
published_at	2026-04-21T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.8127
published_at	2026-04-24T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81277
published_at	2026-04-26T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81156
published_at	2026-04-02T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.8118
published_at	2026-04-04T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81179
published_at	2026-04-07T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81207
published_at	2026-04-08T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81212
published_at	2026-04-09T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81232
published_at	2026-04-11T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81218
published_at	2026-04-12T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81211
published_at	2026-04-13T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81248
published_at	2026-04-16T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.8125
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5128

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1431336
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1431336

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5128

reference_id

CVE-2018-5128

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5128

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5128

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3uw-xrkd-myh4

url VCID-upd1-hbu7-tbc5

vulnerability_id VCID-upd1-hbu7-tbc5

summary If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5133

reference_id

reference_type

scores

value	0.00639
scoring_system	epss
scoring_elements	0.70614
published_at	2026-04-29T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70461
published_at	2026-04-01T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70556
published_at	2026-04-21T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70606
published_at	2026-04-24T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70615
published_at	2026-04-26T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70474
published_at	2026-04-02T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70492
published_at	2026-04-04T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.7047
published_at	2026-04-07T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70516
published_at	2026-04-08T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70531
published_at	2026-04-09T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70554
published_at	2026-04-11T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70539
published_at	2026-04-12T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70525
published_at	2026-04-13T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70569
published_at	2026-04-16T12:55:00Z

value	0.00639
scoring_system	epss
scoring_elements	0.70578
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5133

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430511
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430511

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430974
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430974

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5133

reference_id

CVE-2018-5133

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5133

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5133

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upd1-hbu7-tbc5

url VCID-vhy3-sx9u-budr

vulnerability_id VCID-vhy3-sx9u-budr

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5127.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5127.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5127

reference_id

reference_type

scores

value	0.20177
scoring_system	epss
scoring_elements	0.95518
published_at	2026-04-29T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95497
published_at	2026-04-11T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95498
published_at	2026-04-12T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95499
published_at	2026-04-13T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95507
published_at	2026-04-16T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95512
published_at	2026-04-18T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95515
published_at	2026-04-21T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95517
published_at	2026-04-24T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95462
published_at	2026-04-01T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95472
published_at	2026-04-02T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95478
published_at	2026-04-04T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95482
published_at	2026-04-07T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95489
published_at	2026-04-08T12:55:00Z

value	0.20177
scoring_system	epss
scoring_elements	0.95491
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5127

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430557
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1430557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4139
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4139

reference_url	https://www.debian.org/security/2018/dsa-4155
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4155

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-07/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-07/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-09/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-09/

reference_url	http://www.securityfocus.com/bid/103388
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103388

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1555128
reference_id	1555128
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1555128

reference_url	https://security.archlinux.org/ASA-201803-22
reference_id	ASA-201803-22
reference_type
scores
url	https://security.archlinux.org/ASA-201803-22

reference_url

https://security.archlinux.org/AVG-663

reference_id

AVG-663

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-663

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5127

reference_id

CVE-2018-5127

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5127

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_id

mfsa2018-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_id

mfsa2018-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_url	https://access.redhat.com/errata/RHSA-2018:0526
reference_id	RHSA-2018:0526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0526

reference_url	https://access.redhat.com/errata/RHSA-2018:0527
reference_id	RHSA-2018:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0527

reference_url	https://access.redhat.com/errata/RHSA-2018:0647
reference_id	RHSA-2018:0647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0647

reference_url	https://access.redhat.com/errata/RHSA-2018:0648
reference_id	RHSA-2018:0648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0648

reference_url	https://usn.ubuntu.com/3545-1/
reference_id	USN-3545-1
reference_type
scores
url	https://usn.ubuntu.com/3545-1/

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5127

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhy3-sx9u-budr

url VCID-wj4m-sy94-kya8

vulnerability_id VCID-wj4m-sy94-kya8

summary Mozilla developers and community members Calixte Denizet, Christian Holler, Sebastian Hengst, Jason Kratzer, Tyson Smith, Ryan VanderMeulen, Noemi Erli, Karl Tomlinson, Philipp, Gary Kwong, and Ronald Crane reported memory safety bugs present in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5126

reference_id

reference_type

scores

value	0.02042
scoring_system	epss
scoring_elements	0.83905
published_at	2026-04-29T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83771
published_at	2026-04-01T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83867
published_at	2026-04-21T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83893
published_at	2026-04-24T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.839
published_at	2026-04-26T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83784
published_at	2026-04-02T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83799
published_at	2026-04-04T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.838
published_at	2026-04-07T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83824
published_at	2026-04-08T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.8383
published_at	2026-04-09T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83846
published_at	2026-04-11T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83839
published_at	2026-04-12T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83835
published_at	2026-04-13T12:55:00Z

value	0.02042
scoring_system	epss
scoring_elements	0.83869
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5126

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5126

reference_id

CVE-2018-5126

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5126

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5126

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wj4m-sy94-kya8

url VCID-xhnt-7q7n-qbd2

vulnerability_id VCID-xhnt-7q7n-qbd2

summary If Media Capture and Streams API permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5142

reference_id

reference_type

scores

value	0.01178
scoring_system	epss
scoring_elements	0.78804
published_at	2026-04-29T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78679
published_at	2026-04-01T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78751
published_at	2026-04-21T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78779
published_at	2026-04-24T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78787
published_at	2026-04-26T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78685
published_at	2026-04-02T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78716
published_at	2026-04-04T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78698
published_at	2026-04-07T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78723
published_at	2026-04-08T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.7873
published_at	2026-04-09T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78754
published_at	2026-04-11T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78737
published_at	2026-04-12T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78728
published_at	2026-04-13T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78757
published_at	2026-04-16T12:55:00Z

value	0.01178
scoring_system	epss
scoring_elements	0.78755
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5142

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1366357
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1366357

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	http://www.securityfocus.com/bid/103386
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103386

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5142

reference_id

CVE-2018-5142

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5142

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5142

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhnt-7q7n-qbd2

url VCID-y14s-zt8p-syby

vulnerability_id VCID-y14s-zt8p-syby

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5125.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5125.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5125

reference_id

reference_type

scores

value	0.01069
scoring_system	epss
scoring_elements	0.77807
published_at	2026-04-29T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.7772
published_at	2026-04-12T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77719
published_at	2026-04-13T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77757
published_at	2026-04-16T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77756
published_at	2026-04-18T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77749
published_at	2026-04-21T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77782
published_at	2026-04-24T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77791
published_at	2026-04-26T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77661
published_at	2026-04-01T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77667
published_at	2026-04-02T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77694
published_at	2026-04-04T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77678
published_at	2026-04-07T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77705
published_at	2026-04-08T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.7771
published_at	2026-04-09T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77736
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5125

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4139
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4139

reference_url	https://www.debian.org/security/2018/dsa-4155
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4155

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-06/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-06/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-07/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-07/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-09/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-09/

reference_url	http://www.securityfocus.com/bid/103388
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103388

reference_url	http://www.securitytracker.com/id/1040514
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1555127
reference_id	1555127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1555127

reference_url	https://security.archlinux.org/ASA-201803-22
reference_id	ASA-201803-22
reference_type
scores
url	https://security.archlinux.org/ASA-201803-22

reference_url

https://security.archlinux.org/AVG-663

reference_id

AVG-663

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-663

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5125

reference_id

CVE-2018-5125

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5125

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_id

mfsa2018-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_id

mfsa2018-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_id

mfsa2018-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_url	https://access.redhat.com/errata/RHSA-2018:0526
reference_id	RHSA-2018:0526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0526

reference_url	https://access.redhat.com/errata/RHSA-2018:0527
reference_id	RHSA-2018:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0527

reference_url	https://access.redhat.com/errata/RHSA-2018:0647
reference_id	RHSA-2018:0647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0647

reference_url	https://access.redhat.com/errata/RHSA-2018:0648
reference_id	RHSA-2018:0648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0648

reference_url	https://usn.ubuntu.com/3545-1/
reference_id	USN-3545-1
reference_type
scores
url	https://usn.ubuntu.com/3545-1/

reference_url	https://usn.ubuntu.com/3596-1/
reference_id	USN-3596-1
reference_type
scores
url	https://usn.ubuntu.com/3596-1/

reference_url	https://usn.ubuntu.com/3688-1/
reference_id	USN-3688-1
reference_type
scores
url	https://usn.ubuntu.com/3688-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@59.0-1?distro=sid
purl	pkg:deb/debian/firefox@59.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2018-5125

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y14s-zt8p-syby

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid

Package Instance