Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie

Type deb

Namespace debian

Name firefox-esr

Version 128.10.0esr-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 128.10.1esr-1~deb11u1

Latest_non_vulnerable_version 140.10.0esr-1~deb13u1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-as4y-nhw6-akfx

vulnerability_id VCID-as4y-nhw6-akfx

summary A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4087

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63067
published_at	2026-04-24T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63011
published_at	2026-04-04T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63046
published_at	2026-04-21T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6306
published_at	2026-04-11T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63043
published_at	2026-04-09T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63027
published_at	2026-04-08T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62976
published_at	2026-04-07T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62982
published_at	2026-04-02T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63068
published_at	2026-04-18T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63061
published_at	2026-04-16T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63024
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4087

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362904
reference_id	2362904
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362904

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1952465

reference_id

show_bug.cgi?id=1952465

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1952465

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-qbzp-euvv-q7c7

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1%3Fdistro=trixie

aliases CVE-2025-4087

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as4y-nhw6-akfx

url VCID-b3rg-quvp-2uha

vulnerability_id VCID-b3rg-quvp-2uha

summary A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4083

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61101
published_at	2026-04-21T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61118
published_at	2026-04-18T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61052
published_at	2026-04-04T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61089
published_at	2026-04-24T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61102
published_at	2026-04-11T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61081
published_at	2026-04-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61065
published_at	2026-04-08T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61017
published_at	2026-04-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61023
published_at	2026-04-02T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61111
published_at	2026-04-16T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61069
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4083

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362907
reference_id	2362907
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362907

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-30

reference_id

mfsa2025-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-30/

reference_id

mfsa2025-30

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958350

reference_id

show_bug.cgi?id=1958350

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958350

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-qbzp-euvv-q7c7

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1%3Fdistro=trixie

aliases CVE-2025-4083

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3rg-quvp-2uha

url VCID-dp5j-4mzw-pqer

vulnerability_id VCID-dp5j-4mzw-pqer

summary Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4093

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62336
published_at	2026-04-24T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62236
published_at	2026-04-07T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62286
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62304
published_at	2026-04-09T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62323
published_at	2026-04-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62313
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62291
published_at	2026-04-13T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62337
published_at	2026-04-16T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62344
published_at	2026-04-18T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62328
published_at	2026-04-21T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6224
published_at	2026-04-02T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6227
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4093

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362915
reference_id	2362915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362915

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

reference_id

show_bug.cgi?id=1894100

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-qbzp-euvv-q7c7

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1%3Fdistro=trixie

aliases CVE-2025-4093

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5j-4mzw-pqer

url VCID-gph4-xa9p-73fr

vulnerability_id VCID-gph4-xa9p-73fr

summary Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4091

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63038
published_at	2026-04-24T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62947
published_at	2026-04-07T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63018
published_at	2026-04-12T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63032
published_at	2026-04-11T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63015
published_at	2026-04-09T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62998
published_at	2026-04-08T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62983
published_at	2026-04-04T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62954
published_at	2026-04-02T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63019
published_at	2026-04-21T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6304
published_at	2026-04-18T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63033
published_at	2026-04-16T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62996
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362912
reference_id	2362912
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362912

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105

reference_id

buglist.cgi?bug_id=1951161%2C1952105

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-qbzp-euvv-q7c7

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.1esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1%3Fdistro=trixie

aliases CVE-2025-4091

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gph4-xa9p-73fr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.10.0esr-1%3Fdistro=trixie

Package Instance