{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","type":"deb","namespace":"debian","name":"firefox-esr","version":"140.8.0esr-1~deb13u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"140.10.1esr-1~deb12u1","latest_non_vulnerable_version":"140.10.1esr-1~deb12u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=json","vulnerability_id":"VCID-13he-qsr4-h3d4","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726","reference_id":"2450726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329","reference_id":"show_bug.cgi?id=2016329","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342","reference_id":"show_bug.cgi?id=2016342","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4709"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=json","vulnerability_id":"VCID-1fv1-edht-ufag","summary":"Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723","reference_id":"2450723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405","reference_id":"show_bug.cgi?id=2018405","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4715"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354952?format=json","vulnerability_id":"VCID-1y9d-wx59-fyh2","summary":"Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7323","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10831","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7323"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602","reference_id":"buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089390?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088977?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1"}],"aliases":["CVE-2026-7323"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1y9d-wx59-fyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=json","vulnerability_id":"VCID-23eu-22t2-cydd","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725","reference_id":"2450725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126","reference_id":"show_bug.cgi?id=2018126","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=json","vulnerability_id":"VCID-26d3-ctnj-7kbh","summary":"Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10131","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11187","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738","reference_id":"2450738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512","reference_id":"show_bug.cgi?id=2017512","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4691"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=json","vulnerability_id":"VCID-289s-f2w6-53g9","summary":"Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720","reference_id":"2450720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592","reference_id":"show_bug.cgi?id=2018592","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4716"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353248?format=json","vulnerability_id":"VCID-2fqb-r5zb-a7dp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103","reference_id":"2460103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604","reference_id":"show_bug.cgi?id=2022604","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6748"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fqb-r5zb-a7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=json","vulnerability_id":"VCID-351y-4nek-u3aw","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12871","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13883","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719","reference_id":"2450719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906","reference_id":"show_bug.cgi?id=2020906","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4698"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=json","vulnerability_id":"VCID-3grf-hwk1-3fh8","summary":"Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746","reference_id":"2450746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367","reference_id":"show_bug.cgi?id=2016367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4719"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=json","vulnerability_id":"VCID-3kd3-hwzv-efbn","summary":"Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06155","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06198","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06999","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711","reference_id":"2450711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_id":"buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4721"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353261?format=json","vulnerability_id":"VCID-3kv6-c148-nkhq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12916","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107","reference_id":"2460107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419","reference_id":"show_bug.cgi?id=2022419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6765"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kv6-c148-nkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=json","vulnerability_id":"VCID-3xgu-7evz-mffw","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0562","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06284","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722","reference_id":"2450722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873","reference_id":"show_bug.cgi?id=2014873","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4705"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=json","vulnerability_id":"VCID-4q6w-tdk9-d3an","summary":"Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751","reference_id":"2450751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_id":"buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4720"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353265?format=json","vulnerability_id":"VCID-59d3-343b-e3aw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079","reference_id":"2460079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220","reference_id":"show_bug.cgi?id=2024220","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59d3-343b-e3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=json","vulnerability_id":"VCID-5dw5-vpt8-zqbz","summary":"Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17244","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20167","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20048","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21867","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21869","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901","reference_id":"2455901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-26/","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-26/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1072927?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1056066?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1"}],"aliases":["CVE-2026-5731"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353257?format=json","vulnerability_id":"VCID-61r1-arbe-dke4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13201","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099","reference_id":"2460099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857","reference_id":"show_bug.cgi?id=2017857","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6761"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61r1-arbe-dke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=json","vulnerability_id":"VCID-646f-ndeq-5bee","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07233","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757","reference_id":"2450757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368","reference_id":"show_bug.cgi?id=2016368","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4687"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=json","vulnerability_id":"VCID-675n-7uzz-pqdj","summary":"Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05519","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06089","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713","reference_id":"2450713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373","reference_id":"show_bug.cgi?id=2016373","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4688"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=json","vulnerability_id":"VCID-77y6-jskt-qucb","summary":"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14998","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15808","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18108","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18262","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18164","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libexpat/libexpat/issues/1018","reference_id":"1018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/issues/1018"},{"reference_url":"https://github.com/libexpat/libexpat/pull/1034","reference_id":"1034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/pull/1034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298","reference_id":"1115298","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108","reference_id":"2395108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108"},{"reference_url":"https://issues.oss-fuzz.com/issues/439133977","reference_id":"439133977","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://issues.oss-fuzz.com/issues/439133977"},{"reference_url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes","reference_id":"Changes","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"},{"reference_url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74","reference_id":"Changes#L45-L74","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19403","reference_id":"RHSA-2025:19403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21030","reference_id":"RHSA-2025:21030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21773","reference_id":"RHSA-2025:21773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21776","reference_id":"RHSA-2025:21776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21974","reference_id":"RHSA-2025:21974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22033","reference_id":"RHSA-2025:22033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22034","reference_id":"RHSA-2025:22034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22035","reference_id":"RHSA-2025:22035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22175","reference_id":"RHSA-2025:22175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22607","reference_id":"RHSA-2025:22607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22618","reference_id":"RHSA-2025:22618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22785","reference_id":"RHSA-2025:22785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22842","reference_id":"RHSA-2025:22842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22871","reference_id":"RHSA-2025:22871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22935","reference_id":"RHSA-2025:22935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23227","reference_id":"RHSA-2025:23227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23248","reference_id":"RHSA-2025:23248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23550","reference_id":"RHSA-2025:23550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0001","reference_id":"RHSA-2026:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0076","reference_id":"RHSA-2026:0076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0077","reference_id":"RHSA-2026:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0078","reference_id":"RHSA-2026:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0326","reference_id":"RHSA-2026:0326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0332","reference_id":"RHSA-2026:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0420","reference_id":"RHSA-2026:0420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0674","reference_id":"RHSA-2026:0674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0677","reference_id":"RHSA-2026:0677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0702","reference_id":"RHSA-2026:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0996","reference_id":"RHSA-2026:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1541","reference_id":"RHSA-2026:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3407","reference_id":"RHSA-2026:3407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5396","reference_id":"RHSA-2026:5396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5396"},{"reference_url":"https://usn.ubuntu.com/8022-1/","reference_id":"USN-8022-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8022-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2025-59375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353262?format=json","vulnerability_id":"VCID-7jt2-zr49-7ye5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09926","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13452","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097","reference_id":"2460097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207","reference_id":"show_bug.cgi?id=2023207","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6766"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jt2-zr49-7ye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=json","vulnerability_id":"VCID-8qyy-e4jt-rbc4","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715","reference_id":"2450715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030","reference_id":"show_bug.cgi?id=2020030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62756?format=json","vulnerability_id":"VCID-8vka-qus2-tbhj","summary":"Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03829","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03927","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05179","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0519","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05192","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283","reference_id":"1128283","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219","reference_id":"2440219","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-10/","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-11/","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-11/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3967","reference_id":"RHSA-2026:3967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4447","reference_id":"RHSA-2026:4447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4629","reference_id":"RHSA-2026:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5227","reference_id":"RHSA-2026:5227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5228","reference_id":"RHSA-2026:5228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5229","reference_id":"RHSA-2026:5229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5230","reference_id":"RHSA-2026:5230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5231","reference_id":"RHSA-2026:5231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5319","reference_id":"RHSA-2026:5319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5320","reference_id":"RHSA-2026:5320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5323","reference_id":"RHSA-2026:5323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5324","reference_id":"RHSA-2026:5324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5326","reference_id":"RHSA-2026:5326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390","reference_id":"show_bug.cgi?id=2014390","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390"},{"reference_url":"https://usn.ubuntu.com/8053-1/","reference_id":"USN-8053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8053-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-2447"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vka-qus2-tbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=json","vulnerability_id":"VCID-8xek-k5y2-6bfp","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08368","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08321","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718","reference_id":"2450718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374","reference_id":"show_bug.cgi?id=2016374","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4689"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353251?format=json","vulnerability_id":"VCID-95et-ezmb-buau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109","reference_id":"2460109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883","reference_id":"show_bug.cgi?id=2025883","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6751"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95et-ezmb-buau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=json","vulnerability_id":"VCID-9ag7-z86d-nba9","summary":"Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18556","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1828","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18413","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897","reference_id":"2455897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_id":"buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1072927?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1056066?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1"}],"aliases":["CVE-2026-5734"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353259?format=json","vulnerability_id":"VCID-9nbw-7c9e-13af","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17154","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17294","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101","reference_id":"2460101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666","reference_id":"show_bug.cgi?id=2021666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbw-7c9e-13af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354949?format=json","vulnerability_id":"VCID-9uk1-zvat-5qc9","summary":"Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7320","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7320"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7320","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7320"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-37/","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027433","reference_id":"show_bug.cgi?id=2027433","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027433"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089390?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088977?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1"}],"aliases":["CVE-2026-7320"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uk1-zvat-5qc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353258?format=json","vulnerability_id":"VCID-av7u-3g4m-mugm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12289","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13192","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076","reference_id":"2460076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080","reference_id":"show_bug.cgi?id=2021080","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6762"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av7u-3g4m-mugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=json","vulnerability_id":"VCID-b4bq-q3ga-3ff1","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03554","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04325","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755","reference_id":"2450755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267","reference_id":"show_bug.cgi?id=2015267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4707"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=json","vulnerability_id":"VCID-b6sf-z5tm-4uau","summary":"Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08301","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740","reference_id":"2450740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190","reference_id":"show_bug.cgi?id=2020190","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4696"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353250?format=json","vulnerability_id":"VCID-bwth-uepr-z7a3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12533","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14809","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102","reference_id":"2460102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407","reference_id":"show_bug.cgi?id=2023407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6750"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwth-uepr-z7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353246?format=json","vulnerability_id":"VCID-cjsm-7gxr-8ygw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112","reference_id":"2460112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596","reference_id":"show_bug.cgi?id=2014596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6746"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjsm-7gxr-8ygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353252?format=json","vulnerability_id":"VCID-d16s-p141-qbft","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15181","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.1988","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078","reference_id":"2460078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499","reference_id":"show_bug.cgi?id=2027499","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6752"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d16s-p141-qbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=json","vulnerability_id":"VCID-e2k8-m9sm-8uek","summary":"Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739","reference_id":"2450739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863","reference_id":"show_bug.cgi?id=2021863","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4699"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19209?format=json","vulnerability_id":"VCID-f81v-9fv8-93cd","summary":"Out-of-bounds Write\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.8774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89562","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"},{"reference_url":"https://crbug.com/1486441","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://crbug.com/1486441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/12"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/40022","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40022"},{"reference_url":"https://github.com/electron/electron/pull/40023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40023"},{"reference_url":"https://github.com/electron/electron/pull/40024","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40024"},{"reference_url":"https://github.com/electron/electron/pull/40025","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40025"},{"reference_url":"https://github.com/electron/electron/pull/40026","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40026"},{"reference_url":"https://github.com/electron/electron/releases/tag/v22.3.25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v22.3.25"},{"reference_url":"https://github.com/electron/electron/releases/tag/v24.8.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v24.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v25.8.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v25.8.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v26.2.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v26.2.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8"},{"reference_url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"},{"reference_url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"},{"reference_url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"reference_url":"https://github.com/webmproject/libvpx/tags","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/tags"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"},{"reference_url":"https://pastebin.com/TdkC4pDv","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://pastebin.com/TdkC4pDv"},{"reference_url":"https://security.gentoo.org/glsa/202310-04","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202310-04"},{"reference_url":"https://security.gentoo.org/glsa/202401-34","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202401-34"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"},{"reference_url":"https://support.apple.com/kb/HT213961","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213961"},{"reference_url":"https://support.apple.com/kb/HT213972","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213972"},{"reference_url":"https://twitter.com/maddiestone/status/1707163313711497266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://twitter.com/maddiestone/status/1707163313711497266"},{"reference_url":"https://www.debian.org/security/2023/dsa-5508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5508"},{"reference_url":"https://www.debian.org/security/2023/dsa-5509","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5509"},{"reference_url":"https://www.debian.org/security/2023/dsa-5510","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5510"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"critical","scoring_system":"generic_textual","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/14","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/02/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182","reference_id":"1053182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","reference_id":"AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-5217"},{"reference_url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g","reference_id":"GHSA-qqvq-6xgj-jw8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5426","reference_id":"RHSA-2023:5426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5427","reference_id":"RHSA-2023:5427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5428","reference_id":"RHSA-2023:5428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5429","reference_id":"RHSA-2023:5429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5430","reference_id":"RHSA-2023:5430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5432","reference_id":"RHSA-2023:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5433","reference_id":"RHSA-2023:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5434","reference_id":"RHSA-2023:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5435","reference_id":"RHSA-2023:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5436","reference_id":"RHSA-2023:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5437","reference_id":"RHSA-2023:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5438","reference_id":"RHSA-2023:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5439","reference_id":"RHSA-2023:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5440","reference_id":"RHSA-2023:5440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5475","reference_id":"RHSA-2023:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5477","reference_id":"RHSA-2023:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5534","reference_id":"RHSA-2023:5534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5535","reference_id":"RHSA-2023:5535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5536","reference_id":"RHSA-2023:5536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5537","reference_id":"RHSA-2023:5537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5538","reference_id":"RHSA-2023:5538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5539","reference_id":"RHSA-2023:5539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5540","reference_id":"RHSA-2023:5540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5540"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","reference_id":"TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"reference_url":"https://usn.ubuntu.com/6403-1/","reference_id":"USN-6403-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-1/"},{"reference_url":"https://usn.ubuntu.com/6403-2/","reference_id":"USN-6403-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-2/"},{"reference_url":"https://usn.ubuntu.com/6403-3/","reference_id":"USN-6403-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-3/"},{"reference_url":"https://usn.ubuntu.com/6404-1/","reference_id":"USN-6404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6404-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"},{"reference_url":"https://usn.ubuntu.com/7172-1/","reference_id":"USN-7172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1056066?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088977?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1"}],"aliases":["CVE-2023-5217","GHSA-qqvq-6xgj-jw8g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f81v-9fv8-93cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=json","vulnerability_id":"VCID-ft6u-geds-fua9","summary":"JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744","reference_id":"2450744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560","reference_id":"show_bug.cgi?id=2013560","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4702"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353263?format=json","vulnerability_id":"VCID-fxjm-ywug-f3d5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14546","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14669","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086","reference_id":"2460086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209","reference_id":"show_bug.cgi?id=2023209","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjm-ywug-f3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=json","vulnerability_id":"VCID-gkva-6cu9-7keg","summary":"Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07741","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07769","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07792","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748","reference_id":"2450748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643","reference_id":"show_bug.cgi?id=2017643","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4692"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353267?format=json","vulnerability_id":"VCID-hk2m-rbdy-nqhc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074","reference_id":"2460074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089","reference_id":"show_bug.cgi?id=2026089","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6772"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk2m-rbdy-nqhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=json","vulnerability_id":"VCID-hshc-4xnc-gug4","summary":"Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756","reference_id":"2450756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868","reference_id":"show_bug.cgi?id=2014868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4704"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=json","vulnerability_id":"VCID-hstd-23qm-bqdg","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712","reference_id":"2450712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695","reference_id":"show_bug.cgi?id=2021695","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4717"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=json","vulnerability_id":"VCID-j1hb-8jjy-tqgq","summary":"Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741","reference_id":"2450741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102","reference_id":"show_bug.cgi?id=2018102","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4693"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=json","vulnerability_id":"VCID-kuwd-6tcg-fuha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730","reference_id":"2450730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113","reference_id":"show_bug.cgi?id=2018113","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4713"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=json","vulnerability_id":"VCID-m6uv-91wz-xfdv","summary":"Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06091","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06638","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06619","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752","reference_id":"2450752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766","reference_id":"show_bug.cgi?id=2003766","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4700"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353260?format=json","vulnerability_id":"VCID-ma29-qa7e-9qb4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1785","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17994","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106","reference_id":"2460106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162","reference_id":"show_bug.cgi?id=2022162","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6764"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ma29-qa7e-9qb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=json","vulnerability_id":"VCID-mm6w-kpe8-4kg3","summary":"Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02941","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03623","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721","reference_id":"2450721","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129","reference_id":"show_bug.cgi?id=2011129","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354950?format=json","vulnerability_id":"VCID-ndwm-svz7-5uen","summary":"Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7321","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1113","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1364","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7321"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029461","reference_id":"show_bug.cgi?id=2029461","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029461"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089390?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088977?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1"}],"aliases":["CVE-2026-7321"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwm-svz7-5uen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353264?format=json","vulnerability_id":"VCID-nge1-4cvg-zqb2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13201","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108","reference_id":"2460108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753","reference_id":"show_bug.cgi?id=2023753","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6769"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nge1-4cvg-zqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=json","vulnerability_id":"VCID-nvsz-9s3r-nbhq","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01757","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02174","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02185","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742","reference_id":"2450742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864","reference_id":"show_bug.cgi?id=2014864","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4718"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353268?format=json","vulnerability_id":"VCID-nyum-jpbc-abew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02155","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.022","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110","reference_id":"2460110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770","reference_id":"show_bug.cgi?id=2021770","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6776"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyum-jpbc-abew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353270?format=json","vulnerability_id":"VCID-p6yz-xs58-u3gm","summary":"Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14113","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088","reference_id":"2460088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6786"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yz-xs58-u3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353269?format=json","vulnerability_id":"VCID-pfmd-zv8f-8bfc","summary":"Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104","reference_id":"2460104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfmd-zv8f-8bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353255?format=json","vulnerability_id":"VCID-q689-wneh-hbdq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1214","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085","reference_id":"2460085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588","reference_id":"show_bug.cgi?id=2013588","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6757"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q689-wneh-hbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353249?format=json","vulnerability_id":"VCID-q8qp-5szp-mfe8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096","reference_id":"2460096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610","reference_id":"show_bug.cgi?id=2022610","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6749"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qp-5szp-mfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=json","vulnerability_id":"VCID-qbzp-euvv-q7c7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11778","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12621","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12738","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12742","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12843","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12824","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12717","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908","reference_id":"2455908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867","reference_id":"show_bug.cgi?id=2017867","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1072927?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1056066?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1"}],"aliases":["CVE-2026-5732"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=json","vulnerability_id":"VCID-qkks-24cp-gqg2","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714","reference_id":"2450714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091","reference_id":"show_bug.cgi?id=2015091","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4706"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=json","vulnerability_id":"VCID-rp5h-ym8y-skbw","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710","reference_id":"2450710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303","reference_id":"show_bug.cgi?id=2009303","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4701"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353253?format=json","vulnerability_id":"VCID-ruqn-mk9t-57hb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092","reference_id":"2460092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501","reference_id":"show_bug.cgi?id=2027501","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6753"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruqn-mk9t-57hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=json","vulnerability_id":"VCID-t4t3-5pt5-ayds","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724","reference_id":"2450724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349","reference_id":"show_bug.cgi?id=2016349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353266?format=json","vulnerability_id":"VCID-tv7r-qf2c-dqbm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19007","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105","reference_id":"2460105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067","reference_id":"show_bug.cgi?id=2025067","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6771"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7r-qf2c-dqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=json","vulnerability_id":"VCID-u3j3-fc4f-7ff7","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734","reference_id":"2450734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351","reference_id":"show_bug.cgi?id=2016351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4686"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353254?format=json","vulnerability_id":"VCID-w98r-yagc-kkec","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075","reference_id":"2460075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541","reference_id":"show_bug.cgi?id=2027541","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6754"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w98r-yagc-kkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=json","vulnerability_id":"VCID-wmyy-2cg3-wyhc","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729","reference_id":"2450729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422","reference_id":"show_bug.cgi?id=2020422","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=json","vulnerability_id":"VCID-wqw2-gjvu-6qbu","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03754","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732","reference_id":"2450732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375","reference_id":"show_bug.cgi?id=2016375","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4690"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=json","vulnerability_id":"VCID-wvx2-pba2-sqha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735","reference_id":"2450735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268","reference_id":"show_bug.cgi?id=2015268","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4708"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=json","vulnerability_id":"VCID-yjc2-2whn-uug5","summary":"Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06135","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747","reference_id":"2450747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430","reference_id":"show_bug.cgi?id=2018430","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4694"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=json","vulnerability_id":"VCID-ymak-rv52-h7a5","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727","reference_id":"2450727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370","reference_id":"show_bug.cgi?id=2016370","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049374?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089383?format=json","purl":"pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353247?format=json","vulnerability_id":"VCID-z6tm-b352-5uhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18934","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095","reference_id":"2460095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769","reference_id":"show_bug.cgi?id=2021769","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089386?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076491?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.0esr-1"}],"aliases":["CVE-2026-6747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tm-b352-5uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354951?format=json","vulnerability_id":"VCID-zkbj-717t-j3hw","summary":"Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7322","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7322"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-37/","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089390?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088977?format=json","purl":"pkg:deb/debian/firefox-esr@140.10.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.1esr-1"}],"aliases":["CVE-2026-7322"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkbj-717t-j3hw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62750?format=json","vulnerability_id":"VCID-1hay-xe3q-gyb4","summary":"Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2789","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442322","reference_id":"2442322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442322"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015179","reference_id":"show_bug.cgi?id=2015179","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015179"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2789"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hay-xe3q-gyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62992?format=json","vulnerability_id":"VCID-1jqj-tqfp-73f7","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14325","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25477","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25398","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30263","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29733","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29869","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30054","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30173","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29939","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420504","reference_id":"2420504","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420504"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1998050","reference_id":"show_bug.cgi?id=1998050","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T17:04:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1998050"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14325"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqj-tqfp-73f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62718?format=json","vulnerability_id":"VCID-1u8u-pnq3-t7ae","summary":"Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2757","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442324","reference_id":"2442324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442324"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2001637","reference_id":"show_bug.cgi?id=2001637","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2001637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2757"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u8u-pnq3-t7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62753?format=json","vulnerability_id":"VCID-1v2s-g46y-ybdc","summary":"Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2792","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21346","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21376","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21167","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.213","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21317","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21321","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21769","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442318","reference_id":"2442318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442318"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331","reference_id":"buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2792"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v2s-g46y-ybdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62748?format=json","vulnerability_id":"VCID-3gmj-y8qd-ufej","summary":"Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2787","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442297","reference_id":"2442297","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442297"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014560","reference_id":"show_bug.cgi?id=2014560","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2787"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gmj-y8qd-ufej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62921?format=json","vulnerability_id":"VCID-3qfb-sxha-v3cw","summary":"Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10529","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17265","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17286","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18609","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18546","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18587","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19485","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19446","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19467","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19454","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395756","reference_id":"2395756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395756"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970490","reference_id":"show_bug.cgi?id=1970490","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:44:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10529"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qfb-sxha-v3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62751?format=json","vulnerability_id":"VCID-3sg3-9yx7-fufa","summary":"Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2790","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06124","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05935","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05946","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05904","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0587","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05902","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05937","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07057","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442313","reference_id":"2442313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442313"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2008426","reference_id":"show_bug.cgi?id=2008426","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2008426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2790"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg3-9yx7-fufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63013?format=json","vulnerability_id":"VCID-4bw1-v6ze-kbds","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13018","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414079","reference_id":"2414079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984940","reference_id":"show_bug.cgi?id=1984940","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984940"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13018"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bw1-v6ze-kbds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62993?format=json","vulnerability_id":"VCID-4g7u-xmdq-mkdn","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14328","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16415","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16329","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16532","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22498","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2213","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22233","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22404","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22456","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22539","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420508","reference_id":"2420508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420508"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996761","reference_id":"show_bug.cgi?id=1996761","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996761"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14328"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4g7u-xmdq-mkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63038?format=json","vulnerability_id":"VCID-4gsx-puz4-a3f1","summary":"Use-after-free in MediaTrackGraphImpl::GetInstance()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11708","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23925","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24141","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24126","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24207","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403769","reference_id":"2403769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403769"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988931","reference_id":"show_bug.cgi?id=1988931","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988931"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11708"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsx-puz4-a3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63014?format=json","vulnerability_id":"VCID-4kd3-95cm-g3fc","summary":"Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13019","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414084","reference_id":"2414084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988412","reference_id":"show_bug.cgi?id=1988412","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988412"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13019"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kd3-95cm-g3fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62747?format=json","vulnerability_id":"VCID-4xqc-36jb-63c2","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2786","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05566","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442320","reference_id":"2442320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442320"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013612","reference_id":"show_bug.cgi?id=2013612","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2786"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqc-36jb-63c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63049?format=json","vulnerability_id":"VCID-59wd-mtjt-4ban","summary":"Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11714","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17103","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17547","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17374","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17437","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1738","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17389","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17328","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17307","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17242","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403763","reference_id":"2403763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403763"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113","reference_id":"buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59wd-mtjt-4ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62741?format=json","vulnerability_id":"VCID-5ept-fu7g-8kes","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2780","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04186","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04151","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04119","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442334","reference_id":"2442334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442334"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2007829","reference_id":"show_bug.cgi?id=2007829","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2007829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2780"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ept-fu7g-8kes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62997?format=json","vulnerability_id":"VCID-5kwn-x8e4-ukgq","summary":"Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14333","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20646","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20569","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24922","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24751","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24832","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24839","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24828","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24573","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24695","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24739","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420502","reference_id":"2420502","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420502"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639","reference_id":"buglist.cgi?bug_id=1966501%2C1997639","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14333"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwn-x8e4-ukgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62920?format=json","vulnerability_id":"VCID-66z1-8zeg-9qh1","summary":"Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10528","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23612","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23566","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23548","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2365","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25073","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25016","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24893","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2591","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25982","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395755","reference_id":"2395755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395755"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1986185","reference_id":"show_bug.cgi?id=1986185","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T18:02:06Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1986185"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10528"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66z1-8zeg-9qh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=json","vulnerability_id":"VCID-6cx1-8t9m-u3av","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0886","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04784","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04788","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04599","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04594","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04688","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04551","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04541","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428978","reference_id":"2428978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428978"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005658","reference_id":"show_bug.cgi?id=2005658","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005658"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0886"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62726?format=json","vulnerability_id":"VCID-6fsa-bnes-tkff","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2765","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0615","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442333","reference_id":"2442333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442333"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013562","reference_id":"show_bug.cgi?id=2013562","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2765"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fsa-bnes-tkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63050?format=json","vulnerability_id":"VCID-6jw1-pere-ruee","summary":"Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11715","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17945","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18086","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18289","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1814","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1823","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18296","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18343","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403774","reference_id":"2403774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403774"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899","reference_id":"buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11715"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw1-pere-ruee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62722?format=json","vulnerability_id":"VCID-7wmw-hpfw-vuaa","summary":"Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2761","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34053","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34054","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33605","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34007","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34344","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442309","reference_id":"2442309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442309"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011063","reference_id":"show_bug.cgi?id=2011063","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2761"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wmw-hpfw-vuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62990?format=json","vulnerability_id":"VCID-84jf-84jx-3fgj","summary":"Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14323","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16821","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16898","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2241","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22511","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22513","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22683","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22724","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420513","reference_id":"2420513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420513"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-93/","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-93/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996555","reference_id":"show_bug.cgi?id=1996555","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996555"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14323"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84jf-84jx-3fgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=json","vulnerability_id":"VCID-8u4y-zrhv-8fe9","summary":"Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0887","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02823","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02851","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02737","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02759","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02714","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02701","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02691","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02711","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428972","reference_id":"2428972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428972"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2006500","reference_id":"show_bug.cgi?id=2006500","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2006500"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0887"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62736?format=json","vulnerability_id":"VCID-8zy6-g8kn-hbdc","summary":"Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2775","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0767","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07586","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07695","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0799","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442314","reference_id":"2442314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442314"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015199","reference_id":"show_bug.cgi?id=2015199","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015199"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2775"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zy6-g8kn-hbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62925?format=json","vulnerability_id":"VCID-93au-w2zh-3yhg","summary":"Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10533","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24448","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24335","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25446","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25555","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25605","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26524","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395766","reference_id":"2395766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395766"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-74","reference_id":"mfsa2025-74","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-74"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-74/","reference_id":"mfsa2025-74","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-74/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980788","reference_id":"show_bug.cgi?id=1980788","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-16T13:44:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10533"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93au-w2zh-3yhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63011?format=json","vulnerability_id":"VCID-962a-dwqf-3ycg","summary":"Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13016","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09649","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09765","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09736","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14515","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14709","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23702","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23596","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414083","reference_id":"2414083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414083"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992130","reference_id":"show_bug.cgi?id=1992130","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992130"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13016"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-962a-dwqf-3ycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62752?format=json","vulnerability_id":"VCID-9zxb-j4ep-n7g9","summary":"Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2791","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07499","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0741","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07811","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442342","reference_id":"2442342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442342"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015220","reference_id":"show_bug.cgi?id=2015220","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2791"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zxb-j4ep-n7g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=json","vulnerability_id":"VCID-a98z-hwzc-wkcj","summary":"Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0882","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05534","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428966","reference_id":"2428966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924125","reference_id":"show_bug.cgi?id=1924125","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924125"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0882"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62719?format=json","vulnerability_id":"VCID-azdd-vdn3-kffy","summary":"Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2758","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442337","reference_id":"2442337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442337"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009608","reference_id":"show_bug.cgi?id=2009608","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2758"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azdd-vdn3-kffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62725?format=json","vulnerability_id":"VCID-b5jm-57h2-2qcs","summary":"JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2764","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06534","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06646","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06637","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06626","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06997","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442329","reference_id":"2442329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442329"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012608","reference_id":"show_bug.cgi?id=2012608","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2764"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5jm-57h2-2qcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62740?format=json","vulnerability_id":"VCID-b8dx-232z-qbbc","summary":"Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2779","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20097","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20162","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442327","reference_id":"2442327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442327"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1164141","reference_id":"show_bug.cgi?id=1164141","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1164141"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2779"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8dx-232z-qbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62929?format=json","vulnerability_id":"VCID-c6rx-p235-9bdz","summary":"Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10537","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18753","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18619","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20083","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20046","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20077","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19954","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21039","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2103","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21018","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2104","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21091","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395759","reference_id":"2395759","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395759"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067","reference_id":"buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10537"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rx-p235-9bdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62746?format=json","vulnerability_id":"VCID-cpez-x3zd-p7bu","summary":"Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2785","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05566","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442284","reference_id":"2442284","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442284"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013549","reference_id":"show_bug.cgi?id=2013549","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013549"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpez-x3zd-p7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62994?format=json","vulnerability_id":"VCID-db28-rbyf-1qf4","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14329","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16415","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16329","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16532","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22498","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2213","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22233","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22404","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22456","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22539","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420509","reference_id":"2420509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420509"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1997018","reference_id":"show_bug.cgi?id=1997018","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1997018"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14329"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db28-rbyf-1qf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62928?format=json","vulnerability_id":"VCID-ddwf-z514-hbbj","summary":"Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10536","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04735","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04738","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04747","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04687","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05786","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05755","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05598","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05832","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05844","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395764","reference_id":"2395764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395764"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1981502","reference_id":"show_bug.cgi?id=1981502","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T17:33:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1981502"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10536"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddwf-z514-hbbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=json","vulnerability_id":"VCID-deth-9krh-kufj","summary":"Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0890","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04153","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04185","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03993","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428971","reference_id":"2428971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428971"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005081","reference_id":"show_bug.cgi?id=2005081","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005081"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0890"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63010?format=json","vulnerability_id":"VCID-dgwm-n1zx-qkbq","summary":"Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13012","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09632","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09746","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09604","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10314","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16056","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15937","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16094","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16097","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16207","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2223","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22319","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414086","reference_id":"2414086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414086"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991458","reference_id":"show_bug.cgi?id=1991458","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991458"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13012"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgwm-n1zx-qkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62739?format=json","vulnerability_id":"VCID-dxwp-5jfs-nuew","summary":"Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2778","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08061","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442335","reference_id":"2442335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442335"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358","reference_id":"show_bug.cgi?id=2016358","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2778"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxwp-5jfs-nuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63016?format=json","vulnerability_id":"VCID-e7jk-vs8y-fyhr","summary":"Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13020","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10752","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10739","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10935","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17573","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17549","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23702","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414085","reference_id":"2414085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414085"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1995686","reference_id":"show_bug.cgi?id=1995686","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7jk-vs8y-fyhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62737?format=json","vulnerability_id":"VCID-gcnq-avax-aqcv","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2776","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08061","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442291","reference_id":"2442291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442291"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015266","reference_id":"show_bug.cgi?id=2015266","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015266"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2776"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcnq-avax-aqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=json","vulnerability_id":"VCID-h2gc-zk2a-1fg6","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0884","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07181","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.072","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0717","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07196","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07092","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07178","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07187","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428967","reference_id":"2428967","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428967"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003588","reference_id":"show_bug.cgi?id=2003588","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003588"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0884"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62988?format=json","vulnerability_id":"VCID-h9em-p9se-rucn","summary":"Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14321","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20646","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20569","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24922","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24751","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24832","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24839","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24828","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24573","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24695","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24739","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420503","reference_id":"2420503","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420503"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992760","reference_id":"show_bug.cgi?id=1992760","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T19:36:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992760"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14321"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9em-p9se-rucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62989?format=json","vulnerability_id":"VCID-hccf-ueut-vugw","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14322","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.146","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1441","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19482","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19345","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19384","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19502","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19491","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420506","reference_id":"2420506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420506"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-93/","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-93/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996473","reference_id":"show_bug.cgi?id=1996473","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T04:57:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996473"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14322"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hccf-ueut-vugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62723?format=json","vulnerability_id":"VCID-hsc9-up4x-nbgs","summary":"Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2762","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20097","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20162","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442308","reference_id":"2442308","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442308"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011649","reference_id":"show_bug.cgi?id=2011649","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011649"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2762"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsc9-up4x-nbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=json","vulnerability_id":"VCID-jybh-8px4-pqau","summary":"Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0885","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05929","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05734","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05756","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05835","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05686","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05726","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428961","reference_id":"2428961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428961"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003607","reference_id":"show_bug.cgi?id=2003607","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003607"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0885"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63019?format=json","vulnerability_id":"VCID-kdwy-7p45-hbcs","summary":"Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13015","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08124","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11089","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11227","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27955","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28116","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28023","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414090","reference_id":"2414090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414090"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994164","reference_id":"show_bug.cgi?id=1994164","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994164"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13015"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwy-7p45-hbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62762?format=json","vulnerability_id":"VCID-kk2m-2mxz-sbex","summary":"Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14327","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02659","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0268","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03534","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03521","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03439","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03577","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03527","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420507","reference_id":"2420507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420507"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970743","reference_id":"show_bug.cgi?id=1970743","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970743"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14327"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kk2m-2mxz-sbex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63040?format=json","vulnerability_id":"VCID-kkgh-a9hg-fud8","summary":"A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11710","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2637","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26803","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.268","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403768","reference_id":"2403768","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403768"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989899","reference_id":"show_bug.cgi?id=1989899","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989899"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkgh-a9hg-fud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62724?format=json","vulnerability_id":"VCID-m3mp-su9k-sfhs","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2763","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06295","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06447","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06814","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442316","reference_id":"2442316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442316"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012018","reference_id":"show_bug.cgi?id=2012018","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2763"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3mp-su9k-sfhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62754?format=json","vulnerability_id":"VCID-menq-g5ce-1yd8","summary":"Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2793","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21878","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21678","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2163","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21502","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21656","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21686","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22097","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442287","reference_id":"2442287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442287"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498","reference_id":"buglist.cgi?bug_id=2015196%2C2016423%2C2016498","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2793"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-menq-g5ce-1yd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62735?format=json","vulnerability_id":"VCID-mn6j-2wd1-ukfb","summary":"Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2774","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05833","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06795","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442290","reference_id":"2442290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442290"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014883","reference_id":"show_bug.cgi?id=2014883","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014883"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2774"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn6j-2wd1-ukfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=json","vulnerability_id":"VCID-ndd4-kd1y-z7ep","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0878","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07767","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07789","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07827","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0778","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07739","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07838","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428965","reference_id":"2428965","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428965"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003989","reference_id":"show_bug.cgi?id=2003989","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003989"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0878"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62730?format=json","vulnerability_id":"VCID-nhsr-4zux-2bck","summary":"Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2769","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05017","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1566","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15634","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15667","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15612","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15468","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15462","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15536","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442295","reference_id":"2442295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442295"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014550","reference_id":"show_bug.cgi?id=2014550","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014550"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2769"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsr-4zux-2bck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=json","vulnerability_id":"VCID-nkpq-9gd6-nuc4","summary":"Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0891","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0686","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06643","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06724","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0682","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06821","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428963","reference_id":"2428963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428963"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278","reference_id":"buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62728?format=json","vulnerability_id":"VCID-ntqr-ptmu-yuen","summary":"Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2767","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15056","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15054","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17321","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442328","reference_id":"2442328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442328"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013741","reference_id":"show_bug.cgi?id=2013741","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013741"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqr-ptmu-yuen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62732?format=json","vulnerability_id":"VCID-p9zh-7wyj-hffm","summary":"Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2771","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442288","reference_id":"2442288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442288"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014593","reference_id":"show_bug.cgi?id=2014593","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2771"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9zh-7wyj-hffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62995?format=json","vulnerability_id":"VCID-pcgf-xtfq-6ugb","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14330","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21318","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25471","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25334","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25377","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25409","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25414","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25514","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420516","reference_id":"2420516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420516"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1997503","reference_id":"show_bug.cgi?id=1997503","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:35:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1997503"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14330"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcgf-xtfq-6ugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=json","vulnerability_id":"VCID-pemg-ndu8-wbbc","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0879","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07299","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07319","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07331","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07229","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07325","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07235","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07309","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0879"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428973","reference_id":"2428973","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428973"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004602","reference_id":"show_bug.cgi?id=2004602","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004602"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0879"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62738?format=json","vulnerability_id":"VCID-q1pv-avug-juef","summary":"Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2777","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20117","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19894","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19952","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19977","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19843","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1977","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19874","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19871","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20383","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442312","reference_id":"2442312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442312"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015305","reference_id":"show_bug.cgi?id=2015305","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2777"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1pv-avug-juef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63039?format=json","vulnerability_id":"VCID-qeh2-jn2v-9ug7","summary":"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11709","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2637","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26803","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.268","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403765","reference_id":"2403765","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403765"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127","reference_id":"show_bug.cgi?id=1989127","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11709"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh2-jn2v-9ug7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63017?format=json","vulnerability_id":"VCID-qgvy-hzsx-hkge","summary":"Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13014","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13205","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13848","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20492","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20527","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26456","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.265","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414080","reference_id":"2414080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414080"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994241","reference_id":"show_bug.cgi?id=1994241","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994241"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13014"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgvy-hzsx-hkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=json","vulnerability_id":"VCID-qm8f-f8nr-qba9","summary":"Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0880","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05534","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428975","reference_id":"2428975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428975"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005014","reference_id":"show_bug.cgi?id=2005014","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005014"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0880"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62749?format=json","vulnerability_id":"VCID-qta2-8rnt-k7d1","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2788","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06295","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06447","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06814","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442302","reference_id":"2442302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442302"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014824","reference_id":"show_bug.cgi?id=2014824","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2788"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qta2-8rnt-k7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62734?format=json","vulnerability_id":"VCID-r7vt-w149-9bfn","summary":"Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2773","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07891","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07927","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07941","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07845","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442319","reference_id":"2442319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442319"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014832","reference_id":"show_bug.cgi?id=2014832","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014832"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2773"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vt-w149-9bfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62919?format=json","vulnerability_id":"VCID-rg63-avu7-2bdc","summary":"Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10527","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16221","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16209","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16227","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16078","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1744","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17303","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18472","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18416","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1845","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18523","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395745","reference_id":"2395745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395745"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984825","reference_id":"show_bug.cgi?id=1984825","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:30:33Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984825"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10527"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg63-avu7-2bdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62924?format=json","vulnerability_id":"VCID-ruc1-kmaz-fkbb","summary":"Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10532","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17844","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17768","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17898","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17599","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18925","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19096","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19042","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20067","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20125","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395754","reference_id":"2395754","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395754"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-73"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-73/","reference_id":"mfsa2025-73","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-73/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-75/","reference_id":"mfsa2025-75","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-75/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-77"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-77/","reference_id":"mfsa2025-77","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-77/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-78/","reference_id":"mfsa2025-78","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-78/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16108","reference_id":"RHSA-2025:16108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16109","reference_id":"RHSA-2025:16109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16156","reference_id":"RHSA-2025:16156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16157","reference_id":"RHSA-2025:16157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16260","reference_id":"RHSA-2025:16260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16589","reference_id":"RHSA-2025:16589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17340","reference_id":"RHSA-2025:17340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17341","reference_id":"RHSA-2025:17341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17342","reference_id":"RHSA-2025:17342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17343","reference_id":"RHSA-2025:17343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17344","reference_id":"RHSA-2025:17344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17345","reference_id":"RHSA-2025:17345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17346","reference_id":"RHSA-2025:17346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17367","reference_id":"RHSA-2025:17367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17368","reference_id":"RHSA-2025:17368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17371","reference_id":"RHSA-2025:17371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17372","reference_id":"RHSA-2025:17372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17373","reference_id":"RHSA-2025:17373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17374","reference_id":"RHSA-2025:17374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17378","reference_id":"RHSA-2025:17378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17453","reference_id":"RHSA-2025:17453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17453"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979502","reference_id":"show_bug.cgi?id=1979502","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:10:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979502"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-10532"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruc1-kmaz-fkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62744?format=json","vulnerability_id":"VCID-sgwe-9xfj-6kav","summary":"Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2783","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12149","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12101","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12003","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442300","reference_id":"2442300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442300"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010943","reference_id":"show_bug.cgi?id=2010943","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2783"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgwe-9xfj-6kav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62731?format=json","vulnerability_id":"VCID-ss9j-7jd7-nbf1","summary":"Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2770","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03498","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03551","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03494","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04831","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442343","reference_id":"2442343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442343"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014585","reference_id":"show_bug.cgi?id=2014585","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9j-7jd7-nbf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=json","vulnerability_id":"VCID-t2c3-smqc-zkba","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0877","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06504","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0633","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06302","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06257","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06445","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06429","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0627","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428969","reference_id":"2428969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428969"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1999257","reference_id":"show_bug.cgi?id=1999257","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1999257"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0877"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63044?format=json","vulnerability_id":"VCID-t9cw-yjar-ckfd","summary":"A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11712","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11901","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12186","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12028","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1205","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12122","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403770","reference_id":"2403770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403770"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979536","reference_id":"show_bug.cgi?id=1979536","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979536"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9cw-yjar-ckfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62729?format=json","vulnerability_id":"VCID-te1e-sjsk-bfd8","summary":"Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2768","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26818","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26866","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26767","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27441","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442298","reference_id":"2442298","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442298"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014101","reference_id":"show_bug.cgi?id=2014101","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2768"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te1e-sjsk-bfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63041?format=json","vulnerability_id":"VCID-tgsj-hp8b-27f9","summary":"There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11711","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08035","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08064","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08146","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0816","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08169","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403776","reference_id":"2403776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403776"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989978","reference_id":"show_bug.cgi?id=1989978","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989978"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-11711"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgsj-hp8b-27f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62996?format=json","vulnerability_id":"VCID-tkzd-c11q-3qaf","summary":"Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14331","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10822","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13633","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13398","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13599","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13616","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13543","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420512","reference_id":"2420512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420512"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-93/","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-93/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2000218","reference_id":"show_bug.cgi?id=2000218","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T16:59:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2000218"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14331"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkzd-c11q-3qaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62727?format=json","vulnerability_id":"VCID-ud33-vgxh-8khj","summary":"Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2766","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0615","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442294","reference_id":"2442294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442294"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013583","reference_id":"show_bug.cgi?id=2013583","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2766"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud33-vgxh-8khj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63015?format=json","vulnerability_id":"VCID-ukut-zyjx-93gq","summary":"Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13013","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12178","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12141","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1198","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12109","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11977","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16709","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16891","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16907","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26153","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26272","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414091","reference_id":"2414091","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414091"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991945","reference_id":"show_bug.cgi?id=1991945","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991945"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13013"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukut-zyjx-93gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=json","vulnerability_id":"VCID-vszp-vyxy-f7g7","summary":"Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15369","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15373","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15332","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17645","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292","reference_id":"2442292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552","reference_id":"show_bug.cgi?id=2009552","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552"},{"reference_url":"https://usn.ubuntu.com/8071-1/","reference_id":"USN-8071-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-1/"},{"reference_url":"https://usn.ubuntu.com/8071-2/","reference_id":"USN-8071-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2781"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62743?format=json","vulnerability_id":"VCID-w4u8-25rz-gqeq","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2782","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15864","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15863","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15979","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15787","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15771","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15717","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15795","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18099","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442331","reference_id":"2442331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442331"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010743","reference_id":"show_bug.cgi?id=2010743","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2782"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4u8-25rz-gqeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62721?format=json","vulnerability_id":"VCID-wagm-cq36-k7g3","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2760","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22899","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23071","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23535","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442325","reference_id":"2442325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442325"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011062","reference_id":"show_bug.cgi?id=2011062","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011062"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2760"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wagm-cq36-k7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62720?format=json","vulnerability_id":"VCID-wwdh-xmux-3qdq","summary":"Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2759","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442307","reference_id":"2442307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442307"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010933","reference_id":"show_bug.cgi?id=2010933","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010933"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2759"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwdh-xmux-3qdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62745?format=json","vulnerability_id":"VCID-wwkc-4c69-cbea","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2784","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06462","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19488","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19575","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442304","reference_id":"2442304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442304"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012984","reference_id":"show_bug.cgi?id=2012984","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012984"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2784"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkc-4c69-cbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63012?format=json","vulnerability_id":"VCID-wz6r-xzm9-m7hp","summary":"Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13017","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414092","reference_id":"2414092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414092"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980904","reference_id":"show_bug.cgi?id=1980904","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980904"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-13017"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz6r-xzm9-m7hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62733?format=json","vulnerability_id":"VCID-xcbn-tkgg-4ben","summary":"Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2772","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04801","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04886","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04836","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05861","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442326","reference_id":"2442326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442326"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014827","reference_id":"show_bug.cgi?id=2014827","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2772"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcbn-tkgg-4ben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62991?format=json","vulnerability_id":"VCID-xghm-4ygw-tkb2","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14324","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22585","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2266","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.263","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26433","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26492","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26499","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26624","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26595","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14324"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420517","reference_id":"2420517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420517"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-93"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-93/","reference_id":"mfsa2025-93","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-93/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-94/","reference_id":"mfsa2025-94","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-94/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-96/","reference_id":"mfsa2025-96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-96/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23034","reference_id":"RHSA-2025:23034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23035","reference_id":"RHSA-2025:23035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23128","reference_id":"RHSA-2025:23128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23856","reference_id":"RHSA-2025:23856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0003","reference_id":"RHSA-2026:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0004","reference_id":"RHSA-2026:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0005","reference_id":"RHSA-2026:0005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0006","reference_id":"RHSA-2026:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0007","reference_id":"RHSA-2026:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0013","reference_id":"RHSA-2026:0013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0014","reference_id":"RHSA-2026:0014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0015","reference_id":"RHSA-2026:0015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0016","reference_id":"RHSA-2026:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0017","reference_id":"RHSA-2026:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0018","reference_id":"RHSA-2026:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0019","reference_id":"RHSA-2026:0019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0020","reference_id":"RHSA-2026:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0021","reference_id":"RHSA-2026:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0022","reference_id":"RHSA-2026:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0023","reference_id":"RHSA-2026:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0024","reference_id":"RHSA-2026:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0025","reference_id":"RHSA-2026:0025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0026","reference_id":"RHSA-2026:0026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0124","reference_id":"RHSA-2026:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0127","reference_id":"RHSA-2026:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0127"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996840","reference_id":"show_bug.cgi?id=1996840","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-11T20:01:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1996840"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14324"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xghm-4ygw-tkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=json","vulnerability_id":"VCID-zdxh-fp2e-47dd","summary":"Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0883","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0317","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428968","reference_id":"2428968","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428968"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989340","reference_id":"show_bug.cgi?id=1989340","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989340"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049373?format=json","purl":"pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0883"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1"}