Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/thunderbird@128.10.1-1?arch=el9_6
Typerpm
Namespaceredhat
Namethunderbird
Version128.10.1-1
Qualifiers
arch el9_6
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-n3rs-11fq-wqc4
vulnerability_id VCID-n3rs-11fq-wqc4
summary 
Thunderbird parses addresses in a way that can allow sender
spoofing in case the server allows an invalid From address to be
used. For example, if the From header contains an (invalid) value
"Spoofed Name  ",
Thunderbird treats spoofed@example.com as the actual address.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59184
published_at 2026-04-21T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59116
published_at 2026-04-07T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59167
published_at 2026-04-08T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.5918
published_at 2026-04-09T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.592
published_at 2026-04-11T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.59183
published_at 2026-04-12T12:55:00Z
6
value 0.00375
scoring_system epss
scoring_elements 0.59164
published_at 2026-04-13T12:55:00Z
7
value 0.00375
scoring_system epss
scoring_elements 0.59199
published_at 2026-04-16T12:55:00Z
8
value 0.00375
scoring_system epss
scoring_elements 0.59204
published_at 2026-04-18T12:55:00Z
9
value 0.00375
scoring_system epss
scoring_elements 0.59129
published_at 2026-04-02T12:55:00Z
10
value 0.00375
scoring_system epss
scoring_elements 0.59152
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
reference_id 2366287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
reference_id show_bug.cgi?id=1950629
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-3875
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3rs-11fq-wqc4
1
url VCID-pneu-6c1f-zkfa
vulnerability_id VCID-pneu-6c1f-zkfa
summary 
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header
can be exploited to execute JavaScript in the file:/// context. By crafting a
nested email attachment (message/rfc822) and setting its content type to
application/pdf, Thunderbird may incorrectly render it as HTML when
opened, allowing the embedded JavaScript to run without requiring a file
download. This behavior relies on Thunderbird auto-saving the attachment
to /tmp and linking to it via the file:/// protocol, potentially enabling
JavaScript execution as part of the HTML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62117
published_at 2026-04-21T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62028
published_at 2026-04-07T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62078
published_at 2026-04-08T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62095
published_at 2026-04-09T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62115
published_at 2026-04-11T12:55:00Z
5
value 0.00422
scoring_system epss
scoring_elements 0.62104
published_at 2026-04-12T12:55:00Z
6
value 0.00422
scoring_system epss
scoring_elements 0.62083
published_at 2026-04-13T12:55:00Z
7
value 0.00422
scoring_system epss
scoring_elements 0.62127
published_at 2026-04-16T12:55:00Z
8
value 0.00422
scoring_system epss
scoring_elements 0.62133
published_at 2026-04-18T12:55:00Z
9
value 0.00422
scoring_system epss
scoring_elements 0.62027
published_at 2026-04-02T12:55:00Z
10
value 0.00422
scoring_system epss
scoring_elements 0.62058
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
reference_id 2366283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
reference_id show_bug.cgi?id=1958376
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-3909
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pneu-6c1f-zkfa
2
url VCID-uy2g-rmuh-pkbe
vulnerability_id VCID-uy2g-rmuh-pkbe
summary 
It was possible to craft an email that showed a tracking link as an
attachment. If the user attempted to open the attachment, Thunderbird
automatically accessed the link. The configuration to block remote content
did not prevent that. Thunderbird has been fixed to no longer allow access
to web pages listed in the X-Mozilla-External-Attachment-URL header of an
email.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51557
published_at 2026-04-21T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-07T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51517
published_at 2026-04-08T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51515
published_at 2026-04-09T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51559
published_at 2026-04-11T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51538
published_at 2026-04-12T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-13T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51569
published_at 2026-04-16T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51578
published_at 2026-04-18T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51477
published_at 2026-04-02T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51504
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
reference_id 2366297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
reference_id show_bug.cgi?id=1960412
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-3932
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy2g-rmuh-pkbe
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@128.10.1-1%3Farch=el9_6