Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
Typedeb
Namespacedebian
Namethunderbird
Version1:128.10.1esr-1~deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1:128.10.1esr-1~deb12u1
Latest_non_vulnerable_version1:140.9.1esr-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-as4y-nhw6-akfx
vulnerability_id VCID-as4y-nhw6-akfx
summary A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4087
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63068
published_at 2026-04-18T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.63011
published_at 2026-04-04T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.63046
published_at 2026-04-21T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.6306
published_at 2026-04-11T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63043
published_at 2026-04-09T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.63027
published_at 2026-04-08T12:55:00Z
6
value 0.00436
scoring_system epss
scoring_elements 0.62976
published_at 2026-04-07T12:55:00Z
7
value 0.00436
scoring_system epss
scoring_elements 0.62982
published_at 2026-04-02T12:55:00Z
8
value 0.00436
scoring_system epss
scoring_elements 0.63061
published_at 2026-04-16T12:55:00Z
9
value 0.00436
scoring_system epss
scoring_elements 0.63024
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4087
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362904
reference_id 2362904
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362904
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
reference_id mfsa2025-28
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-28/
reference_id mfsa2025-28
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/
url https://www.mozilla.org/security/advisories/mfsa2025-28/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
reference_id mfsa2025-29
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-29/
reference_id mfsa2025-29
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/
url https://www.mozilla.org/security/advisories/mfsa2025-29/
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
reference_id mfsa2025-31
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
10
reference_url https://www.mozilla.org/security/advisories/mfsa2025-31/
reference_id mfsa2025-31
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/
url https://www.mozilla.org/security/advisories/mfsa2025-31/
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
reference_id mfsa2025-32
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
12
reference_url https://www.mozilla.org/security/advisories/mfsa2025-32/
reference_id mfsa2025-32
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/
url https://www.mozilla.org/security/advisories/mfsa2025-32/
13
reference_url https://access.redhat.com/errata/RHSA-2025:4443
reference_id RHSA-2025:4443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4443
14
reference_url https://access.redhat.com/errata/RHSA-2025:4458
reference_id RHSA-2025:4458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4458
15
reference_url https://access.redhat.com/errata/RHSA-2025:4460
reference_id RHSA-2025:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4460
16
reference_url https://access.redhat.com/errata/RHSA-2025:4751
reference_id RHSA-2025:4751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4751
17
reference_url https://access.redhat.com/errata/RHSA-2025:4752
reference_id RHSA-2025:4752
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4752
18
reference_url https://access.redhat.com/errata/RHSA-2025:4753
reference_id RHSA-2025:4753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4753
19
reference_url https://access.redhat.com/errata/RHSA-2025:4756
reference_id RHSA-2025:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4756
20
reference_url https://access.redhat.com/errata/RHSA-2025:4797
reference_id RHSA-2025:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4797
21
reference_url https://access.redhat.com/errata/RHSA-2025:7428
reference_id RHSA-2025:7428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7428
22
reference_url https://access.redhat.com/errata/RHSA-2025:7506
reference_id RHSA-2025:7506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7506
23
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
24
reference_url https://access.redhat.com/errata/RHSA-2025:7543
reference_id RHSA-2025:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7543
25
reference_url https://access.redhat.com/errata/RHSA-2025:7544
reference_id RHSA-2025:7544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7544
26
reference_url https://access.redhat.com/errata/RHSA-2025:7545
reference_id RHSA-2025:7545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7545
27
reference_url https://access.redhat.com/errata/RHSA-2025:7547
reference_id RHSA-2025:7547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7547
28
reference_url https://access.redhat.com/errata/RHSA-2025:7689
reference_id RHSA-2025:7689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7689
29
reference_url https://access.redhat.com/errata/RHSA-2025:7690
reference_id RHSA-2025:7690
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7690
30
reference_url https://access.redhat.com/errata/RHSA-2025:7691
reference_id RHSA-2025:7691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7691
31
reference_url https://access.redhat.com/errata/RHSA-2025:7692
reference_id RHSA-2025:7692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7692
32
reference_url https://access.redhat.com/errata/RHSA-2025:7693
reference_id RHSA-2025:7693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7693
33
reference_url https://access.redhat.com/errata/RHSA-2025:7694
reference_id RHSA-2025:7694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7694
34
reference_url https://access.redhat.com/errata/RHSA-2025:7695
reference_id RHSA-2025:7695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7695
35
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1952465
reference_id show_bug.cgi?id=1952465
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1952465
36
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-4087
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as4y-nhw6-akfx
1
url VCID-b3rg-quvp-2uha
vulnerability_id VCID-b3rg-quvp-2uha
summary A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4083
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61101
published_at 2026-04-21T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61118
published_at 2026-04-18T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61052
published_at 2026-04-04T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61089
published_at 2026-04-12T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61102
published_at 2026-04-11T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.61081
published_at 2026-04-09T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.61065
published_at 2026-04-08T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61017
published_at 2026-04-07T12:55:00Z
8
value 0.00406
scoring_system epss
scoring_elements 0.61023
published_at 2026-04-02T12:55:00Z
9
value 0.00406
scoring_system epss
scoring_elements 0.61111
published_at 2026-04-16T12:55:00Z
10
value 0.00406
scoring_system epss
scoring_elements 0.61069
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4083
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362907
reference_id 2362907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362907
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
reference_id mfsa2025-28
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-28/
reference_id mfsa2025-28
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://www.mozilla.org/security/advisories/mfsa2025-28/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
reference_id mfsa2025-29
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-29/
reference_id mfsa2025-29
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://www.mozilla.org/security/advisories/mfsa2025-29/
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-30
reference_id mfsa2025-30
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-30
10
reference_url https://www.mozilla.org/security/advisories/mfsa2025-30/
reference_id mfsa2025-30
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://www.mozilla.org/security/advisories/mfsa2025-30/
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
reference_id mfsa2025-31
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
12
reference_url https://www.mozilla.org/security/advisories/mfsa2025-31/
reference_id mfsa2025-31
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://www.mozilla.org/security/advisories/mfsa2025-31/
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
reference_id mfsa2025-32
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
14
reference_url https://www.mozilla.org/security/advisories/mfsa2025-32/
reference_id mfsa2025-32
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://www.mozilla.org/security/advisories/mfsa2025-32/
15
reference_url https://access.redhat.com/errata/RHSA-2025:4443
reference_id RHSA-2025:4443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4443
16
reference_url https://access.redhat.com/errata/RHSA-2025:4458
reference_id RHSA-2025:4458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4458
17
reference_url https://access.redhat.com/errata/RHSA-2025:4460
reference_id RHSA-2025:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4460
18
reference_url https://access.redhat.com/errata/RHSA-2025:4751
reference_id RHSA-2025:4751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4751
19
reference_url https://access.redhat.com/errata/RHSA-2025:4752
reference_id RHSA-2025:4752
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4752
20
reference_url https://access.redhat.com/errata/RHSA-2025:4753
reference_id RHSA-2025:4753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4753
21
reference_url https://access.redhat.com/errata/RHSA-2025:4756
reference_id RHSA-2025:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4756
22
reference_url https://access.redhat.com/errata/RHSA-2025:4797
reference_id RHSA-2025:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4797
23
reference_url https://access.redhat.com/errata/RHSA-2025:7428
reference_id RHSA-2025:7428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7428
24
reference_url https://access.redhat.com/errata/RHSA-2025:7506
reference_id RHSA-2025:7506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7506
25
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
26
reference_url https://access.redhat.com/errata/RHSA-2025:7543
reference_id RHSA-2025:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7543
27
reference_url https://access.redhat.com/errata/RHSA-2025:7544
reference_id RHSA-2025:7544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7544
28
reference_url https://access.redhat.com/errata/RHSA-2025:7545
reference_id RHSA-2025:7545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7545
29
reference_url https://access.redhat.com/errata/RHSA-2025:7547
reference_id RHSA-2025:7547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7547
30
reference_url https://access.redhat.com/errata/RHSA-2025:7689
reference_id RHSA-2025:7689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7689
31
reference_url https://access.redhat.com/errata/RHSA-2025:7690
reference_id RHSA-2025:7690
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7690
32
reference_url https://access.redhat.com/errata/RHSA-2025:7691
reference_id RHSA-2025:7691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7691
33
reference_url https://access.redhat.com/errata/RHSA-2025:7692
reference_id RHSA-2025:7692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7692
34
reference_url https://access.redhat.com/errata/RHSA-2025:7693
reference_id RHSA-2025:7693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7693
35
reference_url https://access.redhat.com/errata/RHSA-2025:7694
reference_id RHSA-2025:7694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7694
36
reference_url https://access.redhat.com/errata/RHSA-2025:7695
reference_id RHSA-2025:7695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7695
37
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
reference_id show_bug.cgi?id=1958350
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
38
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-4083
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3rg-quvp-2uha
2
url VCID-dp5j-4mzw-pqer
vulnerability_id VCID-dp5j-4mzw-pqer
summary Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4093
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62328
published_at 2026-04-21T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62304
published_at 2026-04-09T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62236
published_at 2026-04-07T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62286
published_at 2026-04-08T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62323
published_at 2026-04-11T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.6224
published_at 2026-04-02T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62344
published_at 2026-04-18T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62337
published_at 2026-04-16T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62291
published_at 2026-04-13T12:55:00Z
9
value 0.00427
scoring_system epss
scoring_elements 0.62313
published_at 2026-04-12T12:55:00Z
10
value 0.00427
scoring_system epss
scoring_elements 0.6227
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4093
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362915
reference_id 2362915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362915
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
reference_id mfsa2025-29
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-29/
reference_id mfsa2025-29
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/
url https://www.mozilla.org/security/advisories/mfsa2025-29/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
reference_id mfsa2025-32
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-32/
reference_id mfsa2025-32
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/
url https://www.mozilla.org/security/advisories/mfsa2025-32/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4443
reference_id RHSA-2025:4443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4443
10
reference_url https://access.redhat.com/errata/RHSA-2025:4458
reference_id RHSA-2025:4458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4458
11
reference_url https://access.redhat.com/errata/RHSA-2025:4460
reference_id RHSA-2025:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4460
12
reference_url https://access.redhat.com/errata/RHSA-2025:4751
reference_id RHSA-2025:4751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4751
13
reference_url https://access.redhat.com/errata/RHSA-2025:4752
reference_id RHSA-2025:4752
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4752
14
reference_url https://access.redhat.com/errata/RHSA-2025:4753
reference_id RHSA-2025:4753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4753
15
reference_url https://access.redhat.com/errata/RHSA-2025:4756
reference_id RHSA-2025:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4756
16
reference_url https://access.redhat.com/errata/RHSA-2025:4797
reference_id RHSA-2025:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4797
17
reference_url https://access.redhat.com/errata/RHSA-2025:7428
reference_id RHSA-2025:7428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7428
18
reference_url https://access.redhat.com/errata/RHSA-2025:7506
reference_id RHSA-2025:7506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7506
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://access.redhat.com/errata/RHSA-2025:7543
reference_id RHSA-2025:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7543
21
reference_url https://access.redhat.com/errata/RHSA-2025:7544
reference_id RHSA-2025:7544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7544
22
reference_url https://access.redhat.com/errata/RHSA-2025:7545
reference_id RHSA-2025:7545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7545
23
reference_url https://access.redhat.com/errata/RHSA-2025:7547
reference_id RHSA-2025:7547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7547
24
reference_url https://access.redhat.com/errata/RHSA-2025:7689
reference_id RHSA-2025:7689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7689
25
reference_url https://access.redhat.com/errata/RHSA-2025:7690
reference_id RHSA-2025:7690
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7690
26
reference_url https://access.redhat.com/errata/RHSA-2025:7691
reference_id RHSA-2025:7691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7691
27
reference_url https://access.redhat.com/errata/RHSA-2025:7692
reference_id RHSA-2025:7692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7692
28
reference_url https://access.redhat.com/errata/RHSA-2025:7693
reference_id RHSA-2025:7693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7693
29
reference_url https://access.redhat.com/errata/RHSA-2025:7694
reference_id RHSA-2025:7694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7694
30
reference_url https://access.redhat.com/errata/RHSA-2025:7695
reference_id RHSA-2025:7695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7695
31
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
reference_id show_bug.cgi?id=1894100
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
32
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-4093
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5j-4mzw-pqer
3
url VCID-gph4-xa9p-73fr
vulnerability_id VCID-gph4-xa9p-73fr
summary Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4091
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63019
published_at 2026-04-21T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.62947
published_at 2026-04-07T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.63018
published_at 2026-04-12T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.63032
published_at 2026-04-11T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63015
published_at 2026-04-09T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.62998
published_at 2026-04-08T12:55:00Z
6
value 0.00436
scoring_system epss
scoring_elements 0.62983
published_at 2026-04-04T12:55:00Z
7
value 0.00436
scoring_system epss
scoring_elements 0.62954
published_at 2026-04-02T12:55:00Z
8
value 0.00436
scoring_system epss
scoring_elements 0.6304
published_at 2026-04-18T12:55:00Z
9
value 0.00436
scoring_system epss
scoring_elements 0.63033
published_at 2026-04-16T12:55:00Z
10
value 0.00436
scoring_system epss
scoring_elements 0.62996
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4091
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362912
reference_id 2362912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362912
5
reference_url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105
reference_id buglist.cgi?bug_id=1951161%2C1952105
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/
url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
reference_id mfsa2025-28
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-28/
reference_id mfsa2025-28
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/
url https://www.mozilla.org/security/advisories/mfsa2025-28/
8
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
reference_id mfsa2025-29
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
9
reference_url https://www.mozilla.org/security/advisories/mfsa2025-29/
reference_id mfsa2025-29
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/
url https://www.mozilla.org/security/advisories/mfsa2025-29/
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
reference_id mfsa2025-31
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
11
reference_url https://www.mozilla.org/security/advisories/mfsa2025-31/
reference_id mfsa2025-31
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/
url https://www.mozilla.org/security/advisories/mfsa2025-31/
12
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
reference_id mfsa2025-32
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
13
reference_url https://www.mozilla.org/security/advisories/mfsa2025-32/
reference_id mfsa2025-32
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/
url https://www.mozilla.org/security/advisories/mfsa2025-32/
14
reference_url https://access.redhat.com/errata/RHSA-2025:4443
reference_id RHSA-2025:4443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4443
15
reference_url https://access.redhat.com/errata/RHSA-2025:4458
reference_id RHSA-2025:4458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4458
16
reference_url https://access.redhat.com/errata/RHSA-2025:4460
reference_id RHSA-2025:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4460
17
reference_url https://access.redhat.com/errata/RHSA-2025:4751
reference_id RHSA-2025:4751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4751
18
reference_url https://access.redhat.com/errata/RHSA-2025:4752
reference_id RHSA-2025:4752
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4752
19
reference_url https://access.redhat.com/errata/RHSA-2025:4753
reference_id RHSA-2025:4753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4753
20
reference_url https://access.redhat.com/errata/RHSA-2025:4756
reference_id RHSA-2025:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4756
21
reference_url https://access.redhat.com/errata/RHSA-2025:4797
reference_id RHSA-2025:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4797
22
reference_url https://access.redhat.com/errata/RHSA-2025:7428
reference_id RHSA-2025:7428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7428
23
reference_url https://access.redhat.com/errata/RHSA-2025:7506
reference_id RHSA-2025:7506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7506
24
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
25
reference_url https://access.redhat.com/errata/RHSA-2025:7543
reference_id RHSA-2025:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7543
26
reference_url https://access.redhat.com/errata/RHSA-2025:7544
reference_id RHSA-2025:7544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7544
27
reference_url https://access.redhat.com/errata/RHSA-2025:7545
reference_id RHSA-2025:7545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7545
28
reference_url https://access.redhat.com/errata/RHSA-2025:7547
reference_id RHSA-2025:7547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7547
29
reference_url https://access.redhat.com/errata/RHSA-2025:7689
reference_id RHSA-2025:7689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7689
30
reference_url https://access.redhat.com/errata/RHSA-2025:7690
reference_id RHSA-2025:7690
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7690
31
reference_url https://access.redhat.com/errata/RHSA-2025:7691
reference_id RHSA-2025:7691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7691
32
reference_url https://access.redhat.com/errata/RHSA-2025:7692
reference_id RHSA-2025:7692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7692
33
reference_url https://access.redhat.com/errata/RHSA-2025:7693
reference_id RHSA-2025:7693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7693
34
reference_url https://access.redhat.com/errata/RHSA-2025:7694
reference_id RHSA-2025:7694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7694
35
reference_url https://access.redhat.com/errata/RHSA-2025:7695
reference_id RHSA-2025:7695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7695
36
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-4091
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gph4-xa9p-73fr
4
url VCID-jyns-kqp9-4ygh
vulnerability_id VCID-jyns-kqp9-4ygh
summary 
By crafting a malformed file name for an attachment in a multipart
message, an attacker can trick Thunderbird into including a
directory listing of /tmp when the message is forwarded or edited
as a new message. This vulnerability could allow attackers to
disclose sensitive information from the victim's system. This
vulnerability is not limited to Linux; similar behavior has been
observed on Windows as well.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2830
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45075
published_at 2026-04-21T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.4509
published_at 2026-04-09T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45037
published_at 2026-04-07T12:55:00Z
3
value 0.00224
scoring_system epss
scoring_elements 0.45089
published_at 2026-04-08T12:55:00Z
4
value 0.00224
scoring_system epss
scoring_elements 0.45112
published_at 2026-04-11T12:55:00Z
5
value 0.00224
scoring_system epss
scoring_elements 0.45072
published_at 2026-04-02T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45124
published_at 2026-04-18T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.45131
published_at 2026-04-16T12:55:00Z
8
value 0.00224
scoring_system epss
scoring_elements 0.45082
published_at 2026-04-13T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.4508
published_at 2026-04-12T12:55:00Z
10
value 0.00224
scoring_system epss
scoring_elements 0.45094
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359789
reference_id 2359789
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359789
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1956379
reference_id show_bug.cgi?id=1956379
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1956379
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-2830
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyns-kqp9-4ygh
5
url VCID-n3rs-11fq-wqc4
vulnerability_id VCID-n3rs-11fq-wqc4
summary 
Thunderbird parses addresses in a way that can allow sender
spoofing in case the server allows an invalid From address to be
used. For example, if the From header contains an (invalid) value
"Spoofed Name  ",
Thunderbird treats spoofed@example.com as the actual address.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59184
published_at 2026-04-21T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59116
published_at 2026-04-07T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59167
published_at 2026-04-08T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.5918
published_at 2026-04-09T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.592
published_at 2026-04-11T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.59183
published_at 2026-04-12T12:55:00Z
6
value 0.00375
scoring_system epss
scoring_elements 0.59164
published_at 2026-04-13T12:55:00Z
7
value 0.00375
scoring_system epss
scoring_elements 0.59199
published_at 2026-04-16T12:55:00Z
8
value 0.00375
scoring_system epss
scoring_elements 0.59204
published_at 2026-04-18T12:55:00Z
9
value 0.00375
scoring_system epss
scoring_elements 0.59129
published_at 2026-04-02T12:55:00Z
10
value 0.00375
scoring_system epss
scoring_elements 0.59152
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
reference_id 2366287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
reference_id show_bug.cgi?id=1950629
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3875
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3rs-11fq-wqc4
6
url VCID-n9jq-77ud-v7c9
vulnerability_id VCID-n9jq-77ud-v7c9
summary 
When an email contains multiple attachments with external links
via the X-Mozilla-External-Attachment-URL header, only the last
link is shown when hovering over any attachment. Although the
correct link is used on click, the misleading hover text could
trick users into downloading content from untrusted sources.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3523
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47696
published_at 2026-04-21T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47689
published_at 2026-04-08T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47684
published_at 2026-04-09T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47634
published_at 2026-04-07T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47708
published_at 2026-04-11T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.47664
published_at 2026-04-02T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.47743
published_at 2026-04-18T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47751
published_at 2026-04-16T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47694
published_at 2026-04-13T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47685
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3523
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359786
reference_id 2359786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359786
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958385
reference_id show_bug.cgi?id=1958385
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958385
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3523
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9jq-77ud-v7c9
7
url VCID-pneu-6c1f-zkfa
vulnerability_id VCID-pneu-6c1f-zkfa
summary 
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header
can be exploited to execute JavaScript in the file:/// context. By crafting a
nested email attachment (message/rfc822) and setting its content type to
application/pdf, Thunderbird may incorrectly render it as HTML when
opened, allowing the embedded JavaScript to run without requiring a file
download. This behavior relies on Thunderbird auto-saving the attachment
to /tmp and linking to it via the file:/// protocol, potentially enabling
JavaScript execution as part of the HTML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62117
published_at 2026-04-21T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62028
published_at 2026-04-07T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62078
published_at 2026-04-08T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62095
published_at 2026-04-09T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62115
published_at 2026-04-11T12:55:00Z
5
value 0.00422
scoring_system epss
scoring_elements 0.62104
published_at 2026-04-12T12:55:00Z
6
value 0.00422
scoring_system epss
scoring_elements 0.62083
published_at 2026-04-13T12:55:00Z
7
value 0.00422
scoring_system epss
scoring_elements 0.62127
published_at 2026-04-16T12:55:00Z
8
value 0.00422
scoring_system epss
scoring_elements 0.62133
published_at 2026-04-18T12:55:00Z
9
value 0.00422
scoring_system epss
scoring_elements 0.62027
published_at 2026-04-02T12:55:00Z
10
value 0.00422
scoring_system epss
scoring_elements 0.62058
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
reference_id 2366283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
reference_id show_bug.cgi?id=1958376
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3909
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pneu-6c1f-zkfa
8
url VCID-rfve-tkv7-13dv
vulnerability_id VCID-rfve-tkv7-13dv
summary 
Thunderbird processes the X-Mozilla-External-Attachment-URL header
to handle attachments which can be hosted externally. When an
email is opened, Thunderbird accesses the specified URL to 
determine file size, and navigates to it when the user clicks the
attachment. Because the URL is not validated or sanitized, it can
reference internal resources like chrome:// or SMB share file:// links,
potentially leading to hashed Windows credential leakage and opening the
door to more serious security issues.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45837
published_at 2026-04-21T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45872
published_at 2026-04-11T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45796
published_at 2026-04-07T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45853
published_at 2026-04-08T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.4585
published_at 2026-04-09T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.45824
published_at 2026-04-02T12:55:00Z
6
value 0.0023
scoring_system epss
scoring_elements 0.45892
published_at 2026-04-18T12:55:00Z
7
value 0.0023
scoring_system epss
scoring_elements 0.45898
published_at 2026-04-16T12:55:00Z
8
value 0.0023
scoring_system epss
scoring_elements 0.45845
published_at 2026-04-13T12:55:00Z
9
value 0.0023
scoring_system epss
scoring_elements 0.45842
published_at 2026-04-12T12:55:00Z
10
value 0.0023
scoring_system epss
scoring_elements 0.45846
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
reference_id 2359793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
reference_id show_bug.cgi?id=1955372
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3522
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv
9
url VCID-uy2g-rmuh-pkbe
vulnerability_id VCID-uy2g-rmuh-pkbe
summary 
It was possible to craft an email that showed a tracking link as an
attachment. If the user attempted to open the attachment, Thunderbird
automatically accessed the link. The configuration to block remote content
did not prevent that. Thunderbird has been fixed to no longer allow access
to web pages listed in the X-Mozilla-External-Attachment-URL header of an
email.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51557
published_at 2026-04-21T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-07T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51517
published_at 2026-04-08T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51515
published_at 2026-04-09T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51559
published_at 2026-04-11T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51538
published_at 2026-04-12T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-13T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51569
published_at 2026-04-16T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51578
published_at 2026-04-18T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51477
published_at 2026-04-02T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51504
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
reference_id 2366297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
reference_id show_bug.cgi?id=1960412
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3932
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy2g-rmuh-pkbe
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie