Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
Typedeb
Namespacedebian
Namethunderbird
Version1:128.10.1esr-1~deb12u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1:128.10.1esr-1
Latest_non_vulnerable_version1:140.9.1esr-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-n3rs-11fq-wqc4
vulnerability_id VCID-n3rs-11fq-wqc4
summary 
Thunderbird parses addresses in a way that can allow sender
spoofing in case the server allows an invalid From address to be
used. For example, if the From header contains an (invalid) value
"Spoofed Name  ",
Thunderbird treats spoofed@example.com as the actual address.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.5918
published_at 2026-04-09T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59116
published_at 2026-04-07T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59167
published_at 2026-04-08T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.592
published_at 2026-04-11T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.59129
published_at 2026-04-02T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.59204
published_at 2026-04-18T12:55:00Z
6
value 0.00375
scoring_system epss
scoring_elements 0.59199
published_at 2026-04-16T12:55:00Z
7
value 0.00375
scoring_system epss
scoring_elements 0.59164
published_at 2026-04-13T12:55:00Z
8
value 0.00375
scoring_system epss
scoring_elements 0.59183
published_at 2026-04-12T12:55:00Z
9
value 0.00375
scoring_system epss
scoring_elements 0.59152
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
reference_id 2366287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366287
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
reference_id show_bug.cgi?id=1950629
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:52:16Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3875
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3rs-11fq-wqc4
1
url VCID-pneu-6c1f-zkfa
vulnerability_id VCID-pneu-6c1f-zkfa
summary 
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header
can be exploited to execute JavaScript in the file:/// context. By crafting a
nested email attachment (message/rfc822) and setting its content type to
application/pdf, Thunderbird may incorrectly render it as HTML when
opened, allowing the embedded JavaScript to run without requiring a file
download. This behavior relies on Thunderbird auto-saving the attachment
to /tmp and linking to it via the file:/// protocol, potentially enabling
JavaScript execution as part of the HTML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62095
published_at 2026-04-09T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62028
published_at 2026-04-07T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62078
published_at 2026-04-08T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62115
published_at 2026-04-11T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62027
published_at 2026-04-02T12:55:00Z
5
value 0.00422
scoring_system epss
scoring_elements 0.62133
published_at 2026-04-18T12:55:00Z
6
value 0.00422
scoring_system epss
scoring_elements 0.62127
published_at 2026-04-16T12:55:00Z
7
value 0.00422
scoring_system epss
scoring_elements 0.62083
published_at 2026-04-13T12:55:00Z
8
value 0.00422
scoring_system epss
scoring_elements 0.62104
published_at 2026-04-12T12:55:00Z
9
value 0.00422
scoring_system epss
scoring_elements 0.62058
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3909
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
reference_id 2366283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366283
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
reference_id show_bug.cgi?id=1958376
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-16T03:55:44Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958376
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3909
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pneu-6c1f-zkfa
2
url VCID-uy2g-rmuh-pkbe
vulnerability_id VCID-uy2g-rmuh-pkbe
summary 
It was possible to craft an email that showed a tracking link as an
attachment. If the user attempted to open the attachment, Thunderbird
automatically accessed the link. The configuration to block remote content
did not prevent that. Thunderbird has been fixed to no longer allow access
to web pages listed in the X-Mozilla-External-Attachment-URL header of an
email.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3932.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51515
published_at 2026-04-09T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-07T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51517
published_at 2026-04-08T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51559
published_at 2026-04-11T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51477
published_at 2026-04-02T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51578
published_at 2026-04-18T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51569
published_at 2026-04-16T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-13T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51538
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51504
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3932
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
reference_id 2366297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366297
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
reference_id mfsa2025-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-34
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-34/
reference_id mfsa2025-34
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-34/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
reference_id mfsa2025-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-35
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-35/
reference_id mfsa2025-35
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://www.mozilla.org/security/advisories/mfsa2025-35/
8
reference_url https://access.redhat.com/errata/RHSA-2025:8196
reference_id RHSA-2025:8196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8196
9
reference_url https://access.redhat.com/errata/RHSA-2025:8203
reference_id RHSA-2025:8203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8203
10
reference_url https://access.redhat.com/errata/RHSA-2025:8324
reference_id RHSA-2025:8324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8324
11
reference_url https://access.redhat.com/errata/RHSA-2025:8325
reference_id RHSA-2025:8325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8325
12
reference_url https://access.redhat.com/errata/RHSA-2025:8326
reference_id RHSA-2025:8326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8326
13
reference_url https://access.redhat.com/errata/RHSA-2025:8391
reference_id RHSA-2025:8391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8391
14
reference_url https://access.redhat.com/errata/RHSA-2025:8507
reference_id RHSA-2025:8507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8507
15
reference_url https://access.redhat.com/errata/RHSA-2025:8594
reference_id RHSA-2025:8594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8594
16
reference_url https://access.redhat.com/errata/RHSA-2025:8756
reference_id RHSA-2025:8756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8756
17
reference_url https://access.redhat.com/errata/RHSA-2025:8784
reference_id RHSA-2025:8784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8784
18
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
reference_id show_bug.cgi?id=1960412
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:40:19Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1960412
19
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.10.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dw5-vpt8-zqbz
1
vulnerability VCID-9ag7-z86d-nba9
2
vulnerability VCID-qbzp-euvv-q7c7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie
7
url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie
aliases CVE-2025-3932
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy2g-rmuh-pkbe
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb12u1%3Fdistro=trixie